JIRA + Crowd Rest Authentication

aram.dermenjian
April 10, 2014

Setup: So our system comprises Jira, Crowd and a third-party system. We use Crowd for user authentication for both Jira and our third-party system. We use an alternative method for authenticating users in our third-party app and then use that authentication to allow the user to automatically log into Crowd.

Issue: We're able to use REST to authenticate into Crowd using only a username, as is provided by the REST API of Crowd, but I can't see any way to get the same result for Jira, as I want them to also be automatically signed into Jira. In particular I need the Jira token in order to be able to have the user make changes in Jira using our application.

Additional Info: I have single sign-on already enabled (so if I log into Crowd directly using username/password I get logged into Jira as well), so it's not a problem with single sign-on from what I can tell.

Is there any way to do that? Is there any detail I need to get this working?

1 answer

1 vote
Tiago Comasseto
April 10, 2014

Hi Aram,

The SSO in Atlassian applications works based on cookies. What I believe may be happening is that your third-party app is not generating the Crowd cookie, or is not generating it with the right information.

You can check the Crowd cookie in your browser as in this screenshot.

All Applications need to prove that the exact same user is trying to access them. They should all provide the exact same Validation Factors:

| Requirement | Validation Factor |
| --- | --- |
| The same computer is being used | Machine IP |
| The same user name is provided | User Name |
| The same session token is provided | Current Crowd Session token stored in the local browser cookie |
| The same browser is being used to access all applications (not used by 2.0.4 and newer versions) | HTTP User-Agent |
| The user can be found in the same Crowd Directory | Directory ID |

Also, in case you see that the cookie does not contain the same information when logging in with your app compared to JIRA, the following questions usually help to identify what's wrong:

  1. What are the URLs being used to access each application?
  2. What is the SSO Domain value stored in Crowd?
  3. Are both applications using the Crowd authenticator in their WEB-INF/classes/seraph-config.xml files? Is all the configuration inside crowd.properties correct?
  4. How many Directories are assigned to each application in Crowd? If more than one, are they in the exact same order?
  5. Are proxy servers being used between Crowd and the applications? If so, please add their IP addresses to the Trusted Proxy Servers list in Crowd.

Additionally, you can check the logs with debug enabled to get more information about this issue:

  1. Under Admin -> Logging & Profiling in Crowd, change the com.atlassian.crowd package to DEBUG.
  2. Replicate the problem you are having (log off from all the apps; log in to your third-party app and then try to access JIRA; log off again from all the apps; log in to JIRA and then try to access your third-party app).
  3. Check the results in the atlassian-crowd.log file.

I hope this helps

Cheers
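
Two of the checks from the answer above (application URLs against the SSO Domain, and identical validation factors) as an added example; this is not code from the thread or from Atlassian. The hosts, addresses and the factor names `remote_address` and `X-Forwarded-For` are assumptions used for illustration.

```python
from urllib.parse import urlsplit

def cookie_reaches(url, sso_domain):
    """True if a browser would send a cookie scoped to sso_domain to url."""
    host = (urlsplit(url).hostname or "").lower()
    domain = sso_domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def apps_outside_sso_domain(app_urls, sso_domain):
    """Names of applications whose URL host never receives the SSO cookie."""
    return sorted(n for n, u in app_urls.items() if not cookie_reaches(u, sso_domain))

def validation_factors(client_ip, forwarded_for=None):
    """Factors for one browser request, keyed by name (names are assumptions)."""
    factors = {"remote_address": client_ip}
    if forwarded_for:
        factors["X-Forwarded-For"] = forwarded_for
    return factors

def factor_mismatches(at_creation, at_validation):
    """Map factor name -> (value at creation, value at validation) where they differ."""
    names = sorted(set(at_creation) | set(at_validation))
    return {n: (at_creation.get(n), at_validation.get(n))
            for n in names if at_creation.get(n) != at_validation.get(n)}

# Constructed sample deployment (hypothetical hosts and addresses).
SSO_DOMAIN = ".example.com"
APP_URLS = {
    "crowd": "https://crowd.example.com/crowd",
    "jira": "https://jira.example.com",
    "third-party": "https://10.0.0.15:8443/portal",  # reached by IP address
}
BROWSER_IP = "203.0.113.7"
APP_SERVER_IP = "10.0.0.15"

if __name__ == "__main__":
    print("No SSO cookie sent to:", apps_outside_sso_domain(APP_URLS, SSO_DOMAIN))
    # Failure mode: the session is created with the app server's own address,
    # while JIRA later validates the token against the browser's address.
    seen_by_jira = validation_factors(BROWSER_IP)
    print("Mismatched factors:",
          factor_mismatches(validation_factors(APP_SERVER_IP), seen_by_jira))
    # Corrected: the app forwards the end user's address when creating the session.
    print("After fix:",
          factor_mismatches(validation_factors(BROWSER_IP), seen_by_jira))
```
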
