Atlassian

Configuring PingFederate for mutual SSL authentication

Steps

  1. Configure a secondary SSL port. See the property pf.secondary.https.port in the table under Configuring PingFederate properties.

  2. Import the SSL Certificate of your Atlassian server into PingFederate. See Manage trusted certificate authorities in the PingFederate documentation. If you do not have an SSL certificate for the Atlassian server you can use PingFederate’s Client Key/Certificate Utility to create one:

    1. From PingFederate’s Admin Page go to: Server Configuration > Certificate Management > SSL Client Keys & Certificates:

      nru1563995135636

    2. Click Create New.

    3. For Common Name, enter the domain of your Atlassian server.

    4. Input a value for Organization.

    5. Optionally fill out the remaining fields.

      jte1563995136151

    6. Click Next.

    7. Click Done.

    8. From the list of certificates click Export on your new certificate:

      lfj1563995136832

    9. Choose Certificate and private key.

      This creates a PKCS 12 certificate file (p12 extension), which will be used later in this guide.

    10. Click Previous and Export once again but this time choose Certificate.

      This will export the certificate file (crt extension).

    11. Import this certificate into PingFederate as a Trusted CA (Server Configuration > Certificate Management > Trusted CAs).

      See Manage trusted certificate authorities in the PingFederate documentation for more information.

  3. Create an instance of Reference ID SP Adapter.

    For a complete guide, see Configuring a Reference ID SP Adapter instance in the Agentless Integration Kit documentation.

    1. Clear the User Name and Pass Phrase fields.

    2. Input a value for Allowed Subject DN. For example, for the certificate shown in section 2.h. above, the DN would be: CN=jira-server.com, O=ACME Inc., C=US.

    3. From the Transport Mode list, select Query Parameter.