Hello all,
My team has a Java application that makes REST API calls to our Jira instance. Very recently the Jira admins migrated to a new SSO solution; formerly we were using Crowd for authentication, now it's SAML with LDAP.
My hope for this new setup was that although we were handling the front-end users differently, the APIs would still work with basic HTTP auth:
You should only enable this mode once you've verified that SAML authentication is working as expected.
I've verified that this is in fact how our environment is configured. However, our Java-based API calls are now returning 403s. I've looked into the steps for starting a SAML session and using the returned jsessionid/cookie to make the calls via Java, and frankly it looks cumbersome and doesn't play nicely with the Java JiraRestClient library, which doesn't come out of the box supporting said cookie without significant customization.
Our preferred solution would be exactly as is described in the documentation above. We've verified that SAML is working as expected for front-end users, but I'd like to exclude REST calls from needing to go through SAML and simply continue using the basic auth. Any ideas as to what we're missing?
Hi @Dylan Slack,
I'm checking the documentation and they say that it's possible that you might need to reset the user's CAPTCHA. Can you verify whether this is your case?
When using SAML as primary authentication and you have CAPTCHA enabled in the application, users that use HTTP basic authentication (for example in REST resource calls) may get locked out if they enter an incorrect password too many times. In these cases, an administrator will need to reset the user's CAPTCHA in the user list screen.
I don't recall captcha being enabled, but I will definitely verify and report back.