Azure-docs: Running jira behind reverse proxy

Created on 13 Aug 2018 · 22Comments · Source: MicrosoftDocs/azure-docs

When running Jira behind a reverse proxy, the URL's for Identifier, Reply URL and Sign On URL in "Microsoft Azure Active Directory single sign-on for JIRA" gets listed in http and not https, which again cases the setup to fail in Jira due to "Invalid Reply URL".
As described on https://community.atlassian.com/t5/Answers-Developer-Questions/Connecting-JIRA-to-Azure-AD/qaq-p/573166

Please correct this. The Jira instance is running behind Apache Proxy that have https towards clients, but the proxy between Apache and Jira is http.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: d38cad90-6574-38c2-3262-059a9f975064
Version Independent ID: dd08d5c5-65a4-c2cc-8b51-7a35268dde68
Content: Tutorial: Azure Active Directory integration with JIRA SAML SSO by Microsoft
Content Source: articles/active-directory/saas-apps/jiramicrosoft-tutorial.md
Service: active-directory
GitHub Login: @jeevansd
Microsoft Alias: jeedes

active-directorsvc assigned-to-author doc-enhancement triaged

Source

arnrist

All 22 comments

@arnrist Thanks for the feedback ! I have assigned this issue to content author to investigate and update the document as appropriate.

SaurabhSharma-MSFT on 13 Aug 2018

We are seeing the same problem. We have JIRA behind a load balancer setup for SSL Offload. In our case, the URLs for Reply URL, Identifier, and Sign On URL are all coming up as http instead of https.

martin1856 on 17 Aug 2018

We are affected as well. Our jira instance runs behind a Traefik reverse proxy that does SSL termination and the SSO plugin's settings only show http based endpoints instead of https.

megamorf on 26 Aug 2018

@megamorf and @martin1856 We are going to provide some option as a workaround on this issue. In the next month we will provide some work around on this issue.

jeevansd on 27 Aug 2018

👍1

That’s great news! Thanks!

Dan Martin

martin1856 on 30 Aug 2018

Having exactly the same problem, Waiting for any workaround as well...

danilo-nlima on 20 Sep 2018

👍1

Same issue: tells me I have “Invalid Reply URL” and “Invalid Sign On URL”

dougcain on 19 Oct 2018

Having the same issue

jusefb on 19 Oct 2018

@dougcain and @jusefb We are working on this change and will publish the update to the plugin in a week or two. Please hold on!

jeevansd on 20 Oct 2018

👍1

@jeevansd perfect, thank you for the update

jusefb on 22 Oct 2018

Hi, it has been almost a month. Any update on the progress of this issue?

jusefb on 13 Nov 2018

@jusefb We are already trying this solution with a customer. If you want to also give a try please send us the email on [email protected] Then we can work with you.

jeevansd on 13 Nov 2018

I have sent you an email, let me know the next steps. The email would be from [email protected]

jusefb on 14 Nov 2018

@jusefb Done already. Please check the email.

jeevansd on 14 Nov 2018

Hi, thanks for this. We have decided to go with Jira cloud so will not be needing this solution anymore I guess. Thank you for all your help

jusefb on 23 Nov 2018

@jusefb In that case you should be using the Atlassian Cloud app from Azure AD app gallery. The cloud version comes with the built in SAML support.

jeevansd on 25 Nov 2018

Hi @jeevansd, we would love to help test the solution with you as this issue is blocking a jira rollout for us at the moment. I emailed about 2 weeks ago, but can email again if you like?

tico24 on 26 Nov 2018

@tico24 The doc should get updated by today sometime. So please check the doc tomorrow and you should see the instructions on how to configure this.

jeevansd on 27 Nov 2018

I've updated my XML file as described in step 9 a on the new docs, and can confirm that the setup is now working! After XML update, the Reply and SignOn URL is listed with https.

Thank you for presenting the solution.

arnrist on 28 Nov 2018

This worked for us as well. Any way to default login to use the Azure SSO, instead of forcing the user to click the button for Azure to login?

martin1856 on 28 Nov 2018

@martin1856 and @arnrist Thanks for the confirmation.
For forcing the Azure AD login I can take this as a feature request to our plugin. Thanks for your input.

jeevansd on 28 Nov 2018

Document is updated now.