Hi,
We have the following business requirement:
"If a login user is part of a "group" and he is part of range of IP address, then the user able to proceed login successfully.
But if the user is not part of the group and IP address, then the user should not be able to login at all."
I understand that this can be achieve via modification through Seraph, but due to I'm new into JIRA programming, I do not know how to begin with. I was referring to this site. https://docs.atlassian.com/atlassian-seraph/latest/sso.html
It would be very helpful if you could provide me step by step on how can i achieve this.
From my understanding, is this the right step to begin with?
1. Create a empty plugin from "atlas-create-jira-plugin" command
2. Create a java file and write custom authentication by extending "DefaultAuthenticator"
3. Import JIRA Seraph dependencies into pom.xml file
3. Compile and Package the plugin as JAR
4. Copy and Paste the compile JAR file into C:\Program Files\Atlassian\JIRA\atlassian-jira\WEB-INF\lib
5. Start JIRA
Please advice.
Thanks.
Community moderators have prevented the ability to post new answers.
For a situation like this, you could use a proxy that redirects the unallowed IPs to anywhere but Jira. Its pretty easy to setup in linux with iptables, and most proxies have restrictions built in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic,
i got 2 questions:
Thx.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mostly the right steps, yes. You're missing:
4.5 Amend the seraph-properties.xml to stop using the built-in authenticator and point to the one in your .jar
(You might have some "fun" with the ip address part of it too - ip addresses are easy to spoof, but also, you won't be able to get them in your code if there's any form of proxying happening)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Community moderators have prevented the ability to post new answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.