Migrating between Environments
Frequently asked questions
If you do not find the answer to your issue on this page, we recommend seeing if it is covered by our FAQ which can be found here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1802357/FAQ+-+Frequently+Asked+Questions#What-do-I-have-to-do-to-move-my-Kantega-SSO-installation-from-Server-to-Data-Center%3F. If you do not find a solution there either, you can raise a ticket in our help desk https://kantega-sso.atlassian.net/servicedesk/customer/portal/3, and our support team will help you find a solution as soon as possible.
Migrating from server to data center
A guide for migrating between server and data center can be found on our website: https://www.kantega-sso.com/articles/migrate-kantega-single-sign-on-from-server-to-data-center-how-to-0. This covers how to migrate single node and cluster setups.
Changing URL
Kerberos
When changing URL, Kerberos will be affected if you change the canonical name. In this case, the easiest solution is to run the Kerberos setup wizard again and use the new canonical name. If the canonical name did not change, i.e. you only configured an alias for the new URL, then Kerberos should work without any other configuration.
SAML and OIDC
When changing URLs for your Atlassian applications, Kantega SSO will stop working since the identity provider will attempt to redirect users to the old URL. This can be solved in two ways:
Configure the identity provider from scratch with our setup guides:
Manually change the outdated fields for the identity provider.
Which fields you need to change in the configuration of your identity provider will depend on the exact configuration of your system.
SAML
For SAML, all the updated values can be found by visiting Kantega SSO → Identity providers → your SAML IDP → URLs and cert for IdP setup as shown in the navigation guide below.
Once you are at URLs and cert for IdP setup, you will be presented with multiple values as shown in the picture below:
The fields within the red box contain the same URL. This is the URL the identity provider will send users to after they authenticate at the identity provider and will therefore have to be provided to your identity provider to get the SSO to work again.
The field within the blue box contains the Service Provider Logout URL. This is field is used to offer the Single Logout Service if Single Logout is enabled. If this feature is being used, the identity provider will also require this new URL to be updated on their end.
Exactly how to update these values will vary between the identity providers. For more information about how to configure the external part of the identity providers, please see Step 3 of the setup guide for your identity provider: . If you require more help regarding this, please see the example for Entra ID (Azure AD) below or contact us through our help desk: .
OIDC
For OIDC, the updated values can be found by visiting Kantega SSO → Identity providers → your OIDC IDP → IdP integration as shown in the navigation guide below:
Once you are at IdP integration, you will be presented with multiple values as shown in the picture below:
The important field for this use case is the Callback URL which specifies where the identity provider should redirect users after authenticating. To get single sign-on to work properly, the new Callback URL must be provided to the identity provider.
Exactly how to update the Callback URL will vary between the identity providers. For more information about how to configure the external part of the identity providers, please see Step 3 of the setup guide for your identity provider: . If you require more help regarding this, please see the example for Entra ID (Azure AD) below or contact us through our help desk: .