Migrating between Environments

Frequently asked questions

If you do not find the answer to your issue on this page, we recommend seeing if it is covered by our FAQ which can be found here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1802357/FAQ+-+Frequently+Asked+Questions#What-do-I-have-to-do-to-move-my-Kantega-SSO-installation-from-Server-to-Data-Center%3F. If you do not find a solution there either, you can raise a ticket in our help desk https://kantega-sso.atlassian.net/servicedesk/customer/portal/3, and our support team will help you find a solution as soon as possible.

Migrating from server to data center

A guide for migrating between server and data center can be found on our website: https://www.kantega-sso.com/articles/migrate-kantega-single-sign-on-from-server-to-data-center-how-to-0. This covers how to migrate single node and cluster setups.

Changing URL

Kerberos

When changing URL, Kerberos will be affected if you change the canonical name. In this case, the easiest solution is to run the Kerberos setup wizard again and use the new canonical name. If the canonical name did not change, i.e. you only configured an alias for the new URL, then Kerberos should work without any other configuration.

SAML and OIDC

When changing URLs for your Atlassian applications, Kantega SSO will stop working since the identity provider will attempt to redirect users to the old URL. This can be solved in two ways:

  1. Configure the identity provider from scratch with our setup guides: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1867992

  2. Manually change the outdated fields for the identity provider.

Which fields you need to change in the configuration of your identity provider will depend on the exact configuration of your system.

SAML

For SAML, all the updated values can be found by visiting Kantega SSO → Identity providers → your SAML IDP → URLs and cert for IdP setup as shown in the navigation guide below.

image-20240112-084820.png
Navigating to Kantega SSO
image-20240112-085201.png
Navigating to your identity provider
image-20240112-085105.png
Navigating to URLs and cert for IdP setup

 

Once you are at URLs and cert for IdP setup, you will be presented with multiple values as shown in the picture below:

image-20240112-085701.png

The fields within the red box contain the same URL. This is the URL the identity provider will send users to after they authenticate at the identity provider and will therefore have to be provided to your identity provider to get the SSO to work again.

The field within the blue box contains the Service Provider Logout URL. This is field is used to offer the Single Logout Service if Single Logout is enabled. If this feature is being used, the identity provider will also require this new URL to be updated on their end.

Exactly how to update these values will vary between the identity providers. For more information about how to configure the external part of the identity providers, please see Step 3 of the setup guide for your identity provider: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1867992. If you require more help regarding this, please see the example for Entra ID (Azure AD) below or contact us through our help desk: https://kantega-sso.atlassian.net/servicedesk/customer/portal/3.

image-20240112-093307.png
Navigate to Enterprise Applications from the Microsoft Azure homepage
image-20240112-093640.png
Find your Kantega SSO application.
image-20240112-093804.png
Go to the Single sign-on page and edit the Basic SAML Configuration.
image-20240112-095555.png
Return to Kantega SSO and copy the ACS URL. If you use Single Logout, copy the SP Logout URL after you have pasted the ACS URL in the next step.
image-20240115-143837.png
Return to Microsoft Azure, and paste the ACS URL into the Identifier and Reply URL fields. If you use single logout, paste the new SP Logout URL into the Logout Url field. After updating the fields, save your configuration.

Your identity provider should now be updated with all the necessary information to work properly with your new URL. To be sure that everything works correctly, you should test the identity provider: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1736904.

OIDC

For OIDC, the updated values can be found by visiting Kantega SSO → Identity providers → your OIDC IDP IdP integration as shown in the navigation guide below:

image-20240112-084820.png
Navigating to Kantega SSO
image-20240112-114117.png
Navigating to your identity provider
image-20240112-114209.png
Navigating to IdP integration

 

Once you are at IdP integration, you will be presented with multiple values as shown in the picture below:

image-20240112-115745.png

The important field for this use case is the Callback URL which specifies where the identity provider should redirect users after authenticating. To get single sign-on to work properly, the new Callback URL must be provided to the identity provider.

Exactly how to update the Callback URL will vary between the identity providers. For more information about how to configure the external part of the identity providers, please see Step 3 of the setup guide for your identity provider: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1867992. If you require more help regarding this, please see the example for Entra ID (Azure AD) below or contact us through our help desk: https://kantega-sso.atlassian.net/servicedesk/customer/portal/3.

image-20240112-122220.png
Navigate to app registrations from the Microsoft Azure homepage.
image-20240112-122258.png
Find your application.
image-20240112-122339.png
Go to the Authentication page.
image-20240112-122440.png
Return to Kantega SSO and copy the Callback URL.
image-20240112-123719.png
Return to Microsoft Azure and paste the Callback URL into the Redirect URI field. Press Save afterwards.

Your identity provider should now be updated with all the necessary information to work properly with your new URL. To be sure that everything works correctly, you should test the identity provider: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1736904.