I am attempting to write a servlet filter plugin to handle authentication for our JIRA installation with SiteMinder.
The workflow I'm hoping to achieve is:
1. User attempts to access a JIRA URL. SiteMinder intercepts that request and injects HTTP headers with values for username, email, and display name.
2. The plugin checks for the SiteMinder username header. If a JIRA user matching that name exists, log them in as that user.
3. If the JIRA user does not exist, create a user with the username, email, and display name from the SiteMinder headers.
And this is the code I'm using to accomplish that (inside a servlet filter plugin):
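```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import com.atlassian.crowd.embedded.api.User;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.user.util.UserUtil;

public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
        throws ServletException, IOException {
    HttpServletRequest httpReq = (HttpServletRequest) req;
    final JiraAuthenticationContext jiraAuthenticationContext =
            ComponentAccessor.getJiraAuthenticationContext();
    UserUtil myUserUtil = ComponentAccessor.getUserUtil();
    UserManager myUserManager = ComponentAccessor.getUserManager();

    // Username header injected by SiteMinder
    String smUserHeader = httpReq.getHeader("SM_USER");
    if (smUserHeader == null) {
        // No header present: nothing to log in with (avoids a NullPointerException)
        chain.doFilter(req, resp);
        return;
    }
    String username = smUserHeader.toLowerCase();

    if (myUserUtil.userExists(username)) {
        // Existing JIRA user: mark them as logged in for this request
        jiraAuthenticationContext.setLoggedInUser(myUserUtil.getUserByName(username));
    } else {
        try {
            // Unknown user: create one from the remaining SiteMinder headers
            String smEmailHeader = httpReq.getHeader("SM_MAIL");
            String smFullNameHeader = httpReq.getHeader("SM_CN");
            String randomPassword = myUserManager.generateRandomPassword();
            User aNewUser = myUserUtil.createUserNoNotification(
                    username, randomPassword, smEmailHeader, smFullNameHeader);
            jiraAuthenticationContext.setLoggedInUser(myUserUtil.getUserByKey(
                    ComponentAccessor.getUserKeyService().getKeyForUser(aNewUser)));
        } catch (Throwable t) {
            // Include the exception so the cause is visible in the log
            log.debug("problem creating user", t);
        }
    }
    chain.doFilter(req, resp);
}
```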
The problem I'm running into is that the cookies are not being set for X-AREQUESTID, X-ASESSIONID, and X-AUSERNAME, so all requests to /jira/rest and /jira/plugins are failing.
Has anyone run into this before? Am I going about the task of writing a single sign-on plugin completely wrong?
Thanks in advance for any help.
You might want to take a look at https://docs.atlassian.com/atlassian-seraph/latest/sso.html.
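One way to do the header-based login through Seraph, the framework the answer links to, is a custom authenticator instead of a servlet filter. This is an added example, not code from the thread or from Atlassian; the package and class name are hypothetical, it assumes the `JiraSeraphAuthenticator` and `DefaultAuthenticator` classes as shipped with JIRA, and it leaves out the user-creation step from the question.

```java
package com.example.sso; // hypothetical package

import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.atlassian.jira.security.login.JiraSeraphAuthenticator;
import com.atlassian.seraph.auth.DefaultAuthenticator;

// Hypothetical class: logs a user in from the SiteMinder SM_USER header.
public class SiteMinderAuthenticator extends JiraSeraphAuthenticator {

    @Override
    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        String header = request.getHeader("SM_USER");
        if (header == null || header.trim().isEmpty()) {
            // No SiteMinder identity on this request: use JIRA's normal login handling.
            return super.getUser(request, response);
        }
        String username = header.trim().toLowerCase();

        // Reuse the session only if it belongs to the same user the header names.
        HttpSession session = request.getSession(false);
        if (session != null) {
            Principal existing =
                    (Principal) session.getAttribute(DefaultAuthenticator.LOGGED_IN_KEY);
            if (existing != null && username.equalsIgnoreCase(existing.getName())) {
                return existing;
            }
        }

        // Look the user up through Seraph's own user lookup.
        Principal user = getUser(username);
        if (user == null) {
            return null; // unknown user; account creation is not shown here
        }

        // Record the login in the session, as Seraph's default authenticator does.
        session = request.getSession(true);
        session.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
        session.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);
        return user;
    }
}
```

The class is enabled by naming it in the `<authenticator class="..."/>` element of `seraph-config.xml`. The `SM_USER` header can only be trusted if JIRA is reachable solely through the SiteMinder agent, since a client that connects to JIRA directly can set the header itself.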