How can I integrate SSO with Stash application?

Kashif Inam December 19, 2014

Currently, we have a Stash application configured with LDAP authentication. We wanted to integrate our Stash application with inter SSO service. Please advise.

0 votes
Answer accepted
Michael Heemskerk
Atlassian Team
December 19, 2014

Hi Kashif,

Stash has plugin points that allow you to provide a custom plugin that participates in the authentication process. We bundle an SSO plugin for Crowd SSO that you can use if you're using Crowd for your SSO. It sounds like you're using a different SSO system, in which case you'll have to provide a custom plugin. 

You can find documentation here: https://developer.atlassian.com/stash/docs/latest/reference/plugin-module-types/http-authentication-handler.html

Or have a look at an example implementation: https://bitbucket.org/mheemskerk/stash-auth-plugin-example/src. This example provides an authentication handler for container based authentication. If your SSO system provides integration for Tomcat, you could set that up and use the example plugin to have Stash accept the authenticated user provided by Tomcat.

Cheers,

Michael

 

Kashif Inam December 19, 2014

Thanks Michael, I have seen the code, it makes sense to me. One thing is not clear about calling this handler. For example, user hits my Stash application, SSO will intercept (if no session), and after successful user authentication, it will redirect to my custom page, which will store user into Container, so how to invoke this handler? Please correct me if my understanding is wrong. Thanks

Michael Heemskerk
Atlassian Team
December 21, 2014

It all depends on how your SSO solution works. If your SSO solution provides integration with Tomcat, you'll have to follow its installation instructions, which will most likely involve adding a <Valve ..> element to your server.xml. The valve then performs authentication when required and sets the remoteUser on the HttpServletRequest, which the example plugin then uses to authenticate the user in Stash.

If your SSO solution does not provide Tomcat integration, you'll have to write your own solution and you can use the example plugin as a starting point. However, instead of looking at the remoteUser on the request, you'd probably:

* check the request for a token that has been set by your SSO server (typically a request header or a cookie)
* send a request to the SSO server to validate the token and retrieve the username
* look up the user in Stash by username and return that as the authenticated user.

To redirect the user to your SSO's login screen, you should also provide a HttpAuthenticationFailureHandler and redirect in the onAuthenticationFailure method. Jozef has kindly provided a link below to his Jasig CAS SSO plugin that does exactly that.
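
The three token steps listed in the comment above, sketched as an added example; it is not code from this thread or from the linked example plugin. It is written against the Stash 3.x `HttpAuthenticationHandler` interface from the linked documentation; the `SsoClient` interface, the `SSO_TOKEN` cookie name, the package and the class name are hypothetical.

```java
package com.example.stash.sso; // hypothetical package name

import com.atlassian.stash.auth.HttpAuthenticationContext;
import com.atlassian.stash.auth.HttpAuthenticationHandler;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import javax.annotation.Nonnull;
import javax.servlet.http.Cookie;

public class TokenSsoAuthenticationHandler implements HttpAuthenticationHandler {

    /** Hypothetical wrapper around a call to your SSO server; not a Stash API. */
    public interface SsoClient {
        /** @return the username the token was issued to, or null if invalid/expired */
        String validate(String token);
    }

    private static final String TOKEN_COOKIE = "SSO_TOKEN"; // assumed cookie name

    private final UserService userService;
    private final SsoClient ssoClient;

    public TokenSsoAuthenticationHandler(UserService userService, SsoClient ssoClient) {
        this.userService = userService;
        this.ssoClient = ssoClient;
    }

    @Override
    public StashUser authenticate(@Nonnull HttpAuthenticationContext context) {
        // 1. Check the request for the token set by the SSO server.
        Cookie[] cookies = context.getRequest().getCookies(); // null when no cookies were sent
        String token = null;
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (TOKEN_COOKIE.equals(c.getName())) token = c.getValue();
            }
        }
        if (token == null || token.isEmpty()) {
            return null; // no opinion: let the other handlers run
        }
        // 2. Validate server-side; never take a username from the request itself.
        String username = ssoClient.validate(token);
        // 3. Look up the Stash user; an unknown name yields null, not a new account.
        return username == null ? null : userService.getUserByName(username);
    }

    @Override
    public void validateAuthentication(@Nonnull HttpAuthenticationContext context) {
        // Runs on later requests of an authenticated session; a stricter plugin
        // would re-check the token here and reject the session once it is revoked.
    }
}
```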

Kashif Inam January 5, 2015

Hi Michael, I am redirecting to SSO login page on failure, but when I hit my app URL it shows Stash default login page. If I enter wrong password then it takes me to SSO login page, but it does not show the first time. Please advise, thanks

1 vote
Monika Turska [Adaptavist] December 22, 2014

Hi Kashif, 

Take a look at the Umbrella SSO by Adaptavist which provides a Single Sign-On for all Atlassian server applications, including Stash, and integrates with your existing infrastructure i.e. covers Kerberos, SAML and more. Get in touch with our team for more details via the contact form or contact me directly

Thanks,

Monika

Product Manager at Adaptavist

1 vote
Justin Justin December 21, 2014

Hi Kashif:

AppFusion's SSO Authenticator for AD/LDAP and Atlassian Servers (via Kerberos) solution now supports Stash too. info@appfusions.com if interested.

0 votes
Jozef Kotlár
Rising Star
December 21, 2014

As Michael wrote, Stash is extensible for custom authentication - I have implemented integration with Jasig CAS SSO. Sources are available at BitBucket.

I would recommend leaving the decision (whether to authenticate) to Stash and redirecting to SSO only if needed.

Kashif Inam December 29, 2014

Hi, I have been trying your plugin with Stash 3.5.0, and I am not able to locate stash-config.properties. Is it available in 3.5.0? Please advise, thanks

Michael Heemskerk
Atlassian Team
January 4, 2015

It should be in STASH_HOME/shared/stash-config.properties. However, if you're using the in-memory database, that file may not exist and you can create it.
