Hello all,
My team has a java application that makes REST api calls to our Jira instance. Very recently the Jira admins migrated to a new SSO solution; formerly we were using Crowd, now its SAML with LDAP for the IdP.
My understanding about this new setup was that although we were handling the front-end users differently, the apis would still work with basic http auth:
https://confluence.atlassian.com/adminjiraserver/saml-sso-for-jira-data-center-applications-938847031.html
- Use SAML as primary authentication – in this mode, all browser-based users will be redirected from the application's login screen to the IdP to log in. It's still possible to authenticate by:
- Basic Auth
- Form-based auth via dedicated REST endpoint
- Existing Remember Me tokens
You should only enable this mode once you've verified that SAML authentication is working as expected. |
I've verified that this is in fact how our environment is configured. However, our Java-based api calls are now returning 403s. I've looked into the steps for creating a SAML session and using the jsessionid/cookie and frankly it looks cumbersome and doesn't play nicely with java JiraRestClient library which doesn't come out the box supporting said cookie without serious customization.
Our preferred solution would be exactly as is described in the documentation above. We've verified that SAML is working as expected for front-end users, but I'd like to exclude rest calls from needing to go through SAML and simply continue using the basic auth. Any ideas as to what we're missing?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.