@Trevan Householder_Isos-Tech-Consulting_ I didn't learn the topic very well, but what do you say about it:

Writing a custom authenticator

Jira and Confluence integrate with SSO system Seraph, the Atlassian authentication library. Seraph is a very simple, pluggable J2EE web application security framework developed by Atlassian and used in our products.

Seraph allows you to write custom authenticators that will accept the login credentials of your existing single sign-on system.

A few tips for writing your own custom authenticator for Confluence:

• For Confluence 2.2 and above you must extend com.atlassian.confluence.user.ConfluenceAuthenticator instead of the Seraph DefaultAuthenticator.
• The authenticator should not be a plugin. It should be placed in the class path by putting it in WEB-INF/classes or as a jar in WEB-INF/lib
• The authenticator should have a public constructor that takes no arguments.
• Dependency injection via setters or auto-wiring by name is not available to authenticators. Use ContainerManager.getInstance(...) instead.
• The authenticators are constructed before beans are available via ContainerManager.getInstance(...), so the getInstance method needs to be called at runtime and not in the constructor.

These same restrictions apply for JIRA as well, except that:

• The base class to use is com.atlassian.jira.security.login.JiraSeraphAuthenticator
• Components are obtained with ComponentAccessor.getComponent(...).

Check out these examples:

• CAS for Confluence, contributed by Carl Harris at Virginia Tech.
• CAS for JIRA, contributed by Carl Harris at Virginia Tech.
• Siteminder for Confluence, contributed by Ricardo Sueiras

There has been a discussion of integrating with Siteminder on the mailing list that may be applied to Jira integration. All third-party code must be treated with caution - always backup your Confluence instance before use. If you create a custom SSO plugin and would like to contribute it to the user community, please let us know on a support ticket. You can also browse the Seraph Discussion Forums.

Is it worth digging into this subject or will it be useless?

That is essentially "how to write your own 3rd party application".  If you're willing to do that just to avoid using someone else's app, then yes, it's a good place to start.

It would be worth weighing up the reasons for not wanting a 3rd party app - if it's purely cost for example, then you are probably going to find it more expensive to employ a team to write and support this than it is to buy a 3rd party app.

Thanks for your clarification. I was hoping that such a solution as SSO will be available to JSD for free or will be integrated into the product.

There are too many ways to do SSO at the moment, it's not (economically) possible to code for everything as part of the core product.

Atlassian have done what everyone else has done - built in as much as they can that is standard, and then relied on the vendors of SSO products to do the rest.  (Although, yes, I would totally agree if you were to say that they've done the absolute minimum to enable it)

The machine I use for work currently has almost 30 ways to identify me to various organisations, and most of them provide SSO as an adjunct.

SSO is not a single thing you can just do.  Every way to do it depends on your service providers.

The market is still in a huge state of flux.  Some providers are (or were) emerging as the leaders in the field, but then Google announces that they're killing off most of the methods they use in the world's most popular browser, and so there's more turmoil.

There's no way to "integrate SSO into the product" until the world has settled on a single standard way to do it.  I'm middle-aged, but close to "old".  But I don't expect this to be done in my lifetime unless the AIs take over.

Time will tell.

Thank you! It's a sad thing that Crowd is chargeable. It looked to me that such a simple solution as SSO will be available for JSD.

Crowd works great, but you'll need to know that JSD customers added to Crowd consume a Crowd license (not a JSD license, but a Crowd license). 

https://community.atlassian.com/t5/Crowd-questions/JSD-customers-are-counted-for-crowd-licensing-during-SSO/qaq-p/805133

https://jira.atlassian.com/browse/CWD-4116?_ga=2.234719194.590685323.1597185092-1551811082.1597088881

For this reason, some companies use Okta so they don't have to pay for Crowd licenses for Customers.

@Trevan Householder_Isos-Tech-Consulting_could you give me a quick link to Okta? Is it an app or something else?

@Thomas Okta isn't an Atlassian product but it's a popular tool for SSO:

https://www.okta.com/products/single-sign-on/

Even with Okta you will still need a plugin like I mentioned above to connect Okta to Jira (and another plugin to connect confluence).

@Trevan Householder_Isos-Tech-Consulting_, thank you very much for the consultation.