authelia/docs/community/using-remote-user-header-for-sso-with-jira.md
James Elliott 08e674b62f
docs: refactor several areas of documentation (#1726)
Updated all links to use https://www.authelia.com/docs/.
Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections.
Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted.
Added .yamllint.yaml to express our desired YAML styles.
Added a style guide.
Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start.
Added a statelessness guide for the pending Kubernetes chart introduction.
Added labels to configuration documentation and made many areas uniform.
2021-04-11 21:25:03 +10:00

1.4 KiB

layout title parent nav_order
default Using Remote-User header for SSO with Jira Community 2

Using Remote-User header for SSO with Jira

You can make Jira auto-login to the user that is currently logged in to authelia. I say "auto-login" as I couldn't find any plugin to actually be authentication provider through HTTP headers only - LDAP though seems to have support.

So this guide is targeted to authelia users that don't use any other authentication backend.

I'm using traefik with docker as an example, but any proxy that can forward authelia Remote-User header is fine.

First of all, users should exist on both Authelia and Jira, and have the same username for this to work. Also you will have to pay for a plugin.

After both steps are done:

  • Add traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User in the labels of authelia
  • Add traefik.http.routers.jira.middlewares=authelia@docker in the labels of Jira (to actually enable Authelia for the Jira instance)
  • Install EasySSO in Jira
  • Go to EasySSO preferences and add the "Remote-User" header under HTTP and tick the "Username" checkbox.
  • Save

Other Systems

While this guide is tailored for Jira, you can use a similar method with many other services like Jenkins and Grafana.