Is there a URL parameter you can pass to Confluence (similar to os_user and os_password) that can pass a session token/ID/etc. created by using the Confluence SOAP/JSON/API?
e.g. login using a user's credentials in a PHP script:
$token = $client->login($username, $password);
I've been scouring the documentation, but can't seem to work out if this is possible.
Unfortunately no - the login tokens generated by the SOAP/XML-RPC/JSON-RPC API are only valid for use within the API.
The 'best' alternative is to manually construct a POST operation to the dologin.action and then grab the JSESSIONID cookie from the response - re-using this cookie in subsequent requests will give you an authenticated user session.
If you have the $username and $password that you used to obtain the Remote API login token, why can't you use the os_user and os_password parameters to log a user in?
Thanks Joseph - I suspected this was the case. I had seen this page, which suggested it may be possible -- but I'm guessing their custom plugin adds this extra URL variable support.
http://tinyurl.com/d67zrad (Adaptavist Pseudo SSO)
This was part of a pre-investigation to a more complete SSO solution I was checking feasibility of:
Ultimately I was looking to see if there was a way for users to login and create an account using their Facebook details; to encourage more people to become registered users of the site.
I had imagined providing a 'Log in with Facebook' button on the screen which used PHP to authenticate and get their user object. Then using the API, create the user account from those details (perhaps using their Facebook ID as the username) and then redirect them to the Confluence pages. I'd imagined the password would be set to some random value; which the user never knew -- with re-authentication handled by the Facebook script.
I'm not a Java programmer, more of a scripter -- and didn't want to go too deep into the seraph/Crowd/etc approach. But maybe there's an easy way someone knows of which could do this.
Ah, I see - yes, that probably is something specific to the Adaptavist implementation. However, I guess the fact that they have proven it's possible is a good sign :-)
Unfortunately there's no way to really achieve this kind of integration without getting your hands a little bit dirty with Java :-)
Hi Joseph,
I understand your line of thinking but my question is how do you present that JSESSIONID cookie from the dologin.action with subsequent page requests?
You just need to use an HTTP client that understands cookies and sends them back to the server in the appropriate manner (just like a web browser would). Most HTTP client libraries would support this. Failing that, you would need to add a cookie header to your outbound HTTP request.
For anyone else reading this post, I thought I'd share the PHP hacks that I recently created to do what Joseph pointed out:
It's a very simple PHP script and Apache RewriteRule that hijacks the Confluence login URLs and lets you create your own custom screen, and in our case we ask for the user's email address instead of username. The "login_action.php" script shows the basic nuts and bolts which people can adapt for their own purposes.
I'd still love to see Atlassian provide a way to generate some unique login token via the API -- while this works, I hate doing screen-scraping -- it's too easily broken. But this is pretty simple, so at least debugging a change should be easy.
/Mark
Hi Mark,
I tried using your method, however I keep getting this response, no matter what I have tried. Can you suggest what I can do to achieve this?
HTTP/1.1 200
X-AREQUESTID: 764x2747058x1
X-ASEN: SEN-9946202
X-Seraph-LoginReason: AUTHENTICATED_FAILED
Set-Cookie: atlassian.xsrf.token=B14C-DO7S-H15N-QIBR|f967b90c5ce97c6ec121ee12be6be2c23c1db8c0|lout;path=/
X-AUSERNAME: anonymous
Cache-Control: no-cache, no-store, no-transform
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=UTF-8
Content-Length: 191
Date: Tue, 09 Jan 2018 12:44:19 GMT

{"loginSucceeded":false,"loginError":false,"communicationError":false,"elevatedSecurityCheckShown":false,"captchaFailure":false,"loginFailedByPermissions":false,"passwordResetRequired":false}
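The thread's approach depends on reading the login response correctly: the failed response quoted above is still an HTTP 200, and it sets no JSESSIONID. The sketch below is an added example, not code from any poster or from Atlassian; it decides whether a login response actually established a session and builds the Cookie header for follow-up requests. The function names are hypothetical, both sample responses are constructed, and `OK` as the success value of `X-Seraph-LoginReason` is an assumption (the page shows only `AUTHENTICATED_FAILED`).

```php
<?php
// Added example (not from the thread). Both responses below are constructed samples.

/** Extract the Seraph login result and any cookies from a raw HTTP response. */
function parse_login_response(string $raw): array
{
    $head  = preg_split('/\r?\n\r?\n/', $raw, 2)[0];
    $lines = preg_split('/\r?\n/', $head);
    array_shift($lines);                       // drop the status line
    $reason  = null;
    $cookies = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue;
        }
        [$name, $value] = array_map('trim', explode(':', $line, 2));
        if (strcasecmp($name, 'X-Seraph-LoginReason') === 0) {
            $reason = $value;
        } elseif (strcasecmp($name, 'Set-Cookie') === 0) {
            // Keep name=value only; attributes such as Path or HttpOnly are never sent back.
            [$k, $v] = array_pad(explode('=', explode(';', $value, 2)[0], 2), 2, '');
            $cookies[trim($k)] = trim($v);
        }
    }
    return ['reason' => $reason, 'cookies' => $cookies];
}

/** Return the Cookie header for follow-up requests, or null if login failed. */
function session_cookie_header(string $raw): ?string
{
    $r = parse_login_response($raw);
    // HTTP 200 proves nothing: the failed response quoted in the thread is a 200.
    // 'OK' as the success value is an assumption; the page shows only AUTHENTICATED_FAILED.
    $failed = $r['reason'] !== null && $r['reason'] !== 'OK';
    if ($failed || empty($r['cookies']['JSESSIONID'])) {
        return null;
    }
    return 'Cookie: JSESSIONID=' . $r['cookies']['JSESSIONID'];
}

// Constructed sample responses (placeholder token and session values).
$failure = "HTTP/1.1 200\r\nX-Seraph-LoginReason: AUTHENTICATED_FAILED\r\n"
         . "Set-Cookie: atlassian.xsrf.token=CONSTRUCTED|lout;path=/\r\n\r\n{}";
$success = "HTTP/1.1 200\r\nX-Seraph-LoginReason: OK\r\n"
         . "Set-Cookie: JSESSIONID=CONSTRUCTED0123ABCD; Path=/; HttpOnly\r\n\r\n";

var_dump(session_cookie_header($failure));
var_dump(session_cookie_header($success));
```

Keep the returned session value server-side and send it only over HTTPS; anyone holding it has the user's authenticated session.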