Online Help

SafeNet Trusted Access for Bitbucket

Overview

Configuring SafeNet Trusted Access for Bitbucket is a three-step process:

1. Bitbucket setup

2. SafeNet Trusted Access setup

3. Verify Authentication

Bitbucket Setup

Before you begin, complete the following prerequisites:

Download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.

Download the SAML single sign-on plugin from Atlassian to delegate user authentication from Bitbucket to the SAML Identity Provider. The SAML single sign-on plugin can be downloaded using the following URL:

https://marketplace.atlassian.com/apps/1217045/saml-single-sign-on-sso-bitbucket?hosting=server&tab=overview

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Bitbucket:

1. Log in to Bitbucket as an administrator.

2. On the Bitbucket dashboard, click Bitbucket Administration.

3. On the Administration window, in the left pane, under ADD-ONS, click Manage apps, and in the right pane, click Upload app.

4. On the Upload app window, click Choose File to search and select the SAML sign-on add-on JAR file, and click Upload.

5. After the add-on is successfully installed, a confirmation message is displayed. Click Close.

6. In the right pane, under User-installed apps, click SAML SingleSignOn for Bitbucket > Configure.

7. A wizard opens that enables you to connect your Identity Provider (IdP) to the Bitbucket installation. Click Add new IdP.

8. On the Choose your SAML Identity Provider page, complete the following steps:

a. In the IdP Type field, select Import Metadata from XML.

b. In the Name field, enter a name for the IdP (for example, sfntIdP).

c. Click Next.

9. On the Import SAML IdP Metadata window, perform the following steps:

a. Click Load File to search and select the IdP metadata file that you downloaded earlier from the SafeNet Trusted Access console.

b. Click Import.

c. Click Next.

10. Under User ID attribute and transformation, in the Authentication Attribute field, select EMAIL and click Next.

11. Click Save & Next.

12. On the Identity provider configuration page, click the Metadata URL link to open the Bitbucket metadata. Save the metadata on your local machine and click Next.

Note: You should configure Bitbucket in SafeNet Trusted Access before proceeding to the next step. Refer to SafeNet Trusted Access Setup to configure Bitbucket in SafeNet Trusted Access.

13. On the Test your settings page, click Start test.

You will get a link to test the settings.

14. In an Incognito/Private browser window, open the link. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication. The Status changes to SUCCESS.

15. Click Next.

16. On the Redirection options page, click Save & Close.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Bitbucket, the second step is to activate the Bitbucket application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Bitbucket application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Bitbucket) and proceed to the next step.

2. Under STA Setup, click Upload Bitbucket Metadata.

3. On the metadata upload window, click Browse and select the Bitbucket metadata that you downloaded in step 12 of the Bitbucket Setup.

The service provider metadata is displayed in the Account Details section.

4. Under Advanced Settings, in the IDP INITIATED SSO RELAY STATE field, enter the relay state value if your application requires a unique relay state. In the rest of the fields, modify the default values as per your preferred configuration.

5. Click Save Configuration to save the details and activate the Bitbucket application in SafeNet Trusted Access.
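The two metadata files exchanged in this procedure (the IdP metadata imported in step 9 of the Bitbucket Setup and the Bitbucket metadata uploaded in step 3 above) can be inspected before they are trusted. The following Python script is an added example, not part of the SafeNet or Atlassian documentation; it lists the entity ID, endpoints and signing-certificate SHA-256 fingerprints and flags endpoints that are not served over HTTPS. The sample metadata, host name, paths and placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ENDPOINTS = ("SingleSignOnService", "SingleLogoutService", "AssertionConsumerService")

def summarize_metadata(xml_text):
    """Summarize SAML metadata: entityID, endpoints, signing-cert fingerprints, warnings."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("not a SAML EntityDescriptor")
    out = {"entity_id": root.get("entityID"), "endpoints": [], "fingerprints": [], "warnings": []}
    for kind in ENDPOINTS:  # IdP files carry SingleSignOnService, SP files AssertionConsumerService
        for el in root.iter("{%s}%s" % (MD, kind)):
            loc = el.get("Location", "")
            binding = el.get("Binding", "").rsplit(":", 1)[-1]  # e.g. HTTP-POST
            out["endpoints"].append((kind, binding, loc))
            if not loc.lower().startswith("https://"):
                out["warnings"].append("%s is not HTTPS: %s" % (kind, loc))
    for kd in root.iter("{%s}KeyDescriptor" % MD):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute: key serves both purposes
            for cert in kd.iter("{%s}X509Certificate" % DS):
                der = base64.b64decode("".join((cert.text or "").split()))
                out["fingerprints"].append(hashlib.sha256(der).hexdigest())
    if not out["fingerprints"]:
        out["warnings"].append("no signing certificate found")
    return out

# Constructed sample input: placeholder bytes stand in for a DER certificate, and the host,
# port and paths are made up. It mimics SP metadata from a Bitbucket instance served over HTTP.
FAKE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s"
    entityID="http://bitbucket.example.test:7990/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="http://bitbucket.example.test:7990/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % (MD, DS, base64.b64encode(FAKE_DER).decode())

if __name__ == "__main__":
    report = summarize_metadata(SAMPLE_SP_METADATA)
    print(report["entity_id"], report["endpoints"], report["fingerprints"])
    print("\n".join("WARNING: " + w for w in report["warnings"]))
```

Compare the printed fingerprint with the certificate obtained through a separate channel, and treat a non-HTTPS endpoint warning as a sign that SAML responses would cross the network unencrypted.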

Verify Authentication

Using STA Console

Navigate to the Bitbucket login URL, http://<Domain Name or IP Address>:<Port>, where <Domain Name or IP Address> is the domain name or IP address that you entered while deploying Bitbucket on your local machine.

For example: http://10.164.44.159:7990

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Bitbucket user portal after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Bitbucket application icon. You should be successfully logged in to the Bitbucket user portal after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks held by their respective owners.