
Login to Confluence (web interface) using token from SOAP API? (SSO without Crowd)

Mark Mackay June 20, 2012

Is there a URL parameter you can pass to Confluence (similar to os_user and os_password) that can pass a session token/ID/etc created by using the Confluence SOAP/JSON/API?

e.g. login using a user's credentials in a PHP script:

$token = $client->login($username, $password);

Then, after using the API for other tasks, generate a URL which you can redirect the user to which lets them continue using Confluence:

I've been scouring the documentation, but can't seem to work out if this is possible.


0 votes
Answer accepted
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 20, 2012

Unfortunately no - the login tokens generated by the SOAP/XML-RPC/JSON-RPC API are only valid for use within the API.

The 'best' alternative is to manually construct a POST operation to the dologin.action and then grab the JSESSIONID cookie from the response - re-using this cookie in subsequent requests will give you an authenticated user session.

If you have the $username and $password that you used to obtain the Remote API login token, why can't you use the os_user and os_password parameters to log a user in?

Mark Mackay June 20, 2012

Thanks Joseph - I suspected this was the case. I had seen this page, which suggested it may be possible -- but I'm guessing their custom plugin adds this extra URL variable support.

http://tinyurl.com/d67zrad (Adaptavist Pseudo SSO)

This was part of a pre-investigation to a more complete SSO solution I was checking feasibility of:

Ultimately I was looking to see if there was a way for users to login and create an account using their Facebook details; to encourage more people to become registered users of the site.

I had imagined providing a 'Log in with Facebook' button on the screen which used PHP to authenticate and get their user object. Then using the API, create the user account from those details (perhaps using their Facebook ID as the username) and then redirect them to the Confluence pages. I'd imagined the password would be set to some random value; which the user never knew -- with re-authentication handled by the Facebook script.

I'm not a Java programmer, more of a scripter -- and didn't want to go too deep into the Seraph/Crowd/etc approach. But maybe there's an easy way someone knows of which could do this.

Joe Clark
Atlassian Team
June 26, 2012

Ah, I see - yes, that probably is something specific to the Adaptavist implementation. However, I guess the fact that they have proven it's possible is a good sign :-)

Unfortunately there's no way to really achieve this kind of integration without getting your hands a little bit dirty with Java :-)

Rhys Jones January 2, 2013

Hi Joseph,

I understand your line of thinking but my question is how do you present that JSESSIONID cookie from the dologin.action with subsequent page requests?

Joe Clark
Atlassian Team
January 15, 2013

You just need to use an HTTP client that understands cookies and sends them back to the server in the appropriate manner (just like a web browser would). Most HTTP client libraries would support this. Failing that, you would need to add a cookie header to your outbound HTTP request.

0 votes
Mark Mackay May 13, 2014

For anyone else reading this post, I thought I'd share the PHP hacks that I recently created to do what Joseph pointed out:

It's a very simple PHP script and Apache RewriteRule that hijacks the Confluence login URLs and lets you create your own custom screen, and in our case we ask for the user's email address instead of username. The "login_action.php" script shows the basic nuts and bolts which people can adapt for their own purposes.

I'd still love to see Atlassian provide a way to generate some unique login token via the API -- while this works, I hate doing screen-scraping -- it's too easily broken. But this is pretty simple, so at least debugging a change should be easy.

/Mark

Pragyat Srivastava January 9, 2018

Hi Mark,

I tried using your method, however I keep getting this response, no matter what I have tried. Can you suggest what I can do to achieve this?

HTTP/1.1 200 
X-AREQUESTID: 764x2747058x1
X-ASEN: SEN-9946202
X-Seraph-LoginReason: AUTHENTICATED_FAILED
Set-Cookie: atlassian.xsrf.token=B14C-DO7S-H15N-QIBR|f967b90c5ce97c6ec121ee12be6be2c23c1db8c0|lout;path=/
X-AUSERNAME: anonymous
Cache-Control: no-cache, no-store, no-transform
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=UTF-8
Content-Length: 191
Date: Tue, 09 Jan 2018 12:44:19 GMT

{"loginSucceeded":false,"loginError":false,"communicationError":false,"elevatedSecurityCheckShown":false,"captchaFailure":false,"loginFailedByPermissions":false,"passwordResetRequired":false}
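
Added example, not part of the original thread and not Atlassian's or any poster's code: a Python check that decides from a dologin.action response whether a session was actually established before replaying JSESSIONID in a Cookie header, as described in the accepted answer and its follow-up comment. It is run here against a trimmed copy of the failed response quoted above and a constructed success response; the function names, the sample user and the success value "OK" for X-Seraph-LoginReason are assumptions.

```python
import json

def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, *header_lines = head.split("\n")
    headers = {}  # lower-cased name -> list of values (Set-Cookie can repeat)
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status_line.split()[1]), headers, body

def session_cookie_header(raw):
    """Return the Cookie header value to replay, or None if login failed."""
    _status, headers, body = parse_response(raw)  # status alone proves nothing
    cookies = {}
    for value in headers.get("set-cookie", []):
        name, _, val = value.split(";", 1)[0].partition("=")  # drop attributes
        cookies[name.strip()] = val.strip()
    reason = headers.get("x-seraph-loginreason", [""])[0]
    user = headers.get("x-ausername", ["anonymous"])[0]
    # Assumption: Seraph reports a successful login as "OK".
    if reason != "OK" or user == "anonymous" or "JSESSIONID" not in cookies:
        return None
    # A JSON body like the one in the failed response must agree as well.
    ctype = headers.get("content-type", [""])[0]
    if "json" in ctype and not json.loads(body.strip() or "{}").get("loginSucceeded", False):
        return None
    return "JSESSIONID=" + cookies["JSESSIONID"]

# Trimmed from the failed response quoted above: HTTP 200, yet no session.
FAILED = """HTTP/1.1 200
X-Seraph-LoginReason: AUTHENTICATED_FAILED
Set-Cookie: atlassian.xsrf.token=B14C-DO7S-H15N-QIBR|f967b90c5ce97c6ec121ee12be6be2c23c1db8c0|lout;path=/
X-AUSERNAME: anonymous
Content-Type: application/json;charset=UTF-8

{"loginSucceeded":false,"loginError":false}"""

# Constructed success response, not captured from a real server.
SUCCEEDED = """HTTP/1.1 302
X-Seraph-LoginReason: OK
X-AUSERNAME: example.user
Set-Cookie: JSESSIONID=CONSTRUCTED0123456789ABCDEF; Path=/; HttpOnly

"""

if __name__ == "__main__":
    print(session_cookie_header(FAILED), session_cookie_header(SUCCEEDED))
```

The failed response carries a 200 status and a Set-Cookie header, so a script that checks only those would treat an anonymous session as a login; the only cookie set is atlassian.xsrf.token, not JSESSIONID.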
