In our organization, most of the applications (3rd party) are executed via SSO. We usually fallow below steps to access an application (which are at cloud).
1.Create a preferred DSN (e.g. http://jira.ncr.com) and click in that URL.
2.NCR production server (e.g. susday4523) will redirect to the location where the SSO is resides for that application (e.g. http://susday4523.corp.ncr.com:81/portfolio_management/BISession/ncrAuthentication.jsp).
3.NCR SSO authenticates the user via Active-X control and gets the QLID (User Id) from network.
4.NCR SSO will send QLID, KEY, and Other ID to application web server to get the session token. Usually this is done via socket programming.
5.Application will return back the session token after getting the correct Key and other information through XML format. Finally, NCR SSO will retrieve information from ldap server by anonymous binding.
6.After getting the session token, NCR SSO will redirect to application with session token /Login/body.asp?token=<session_token>.
7.Target: target URL is the page where user wants to land directly. For example, the attached links in the email or in any document are called Target URL. Those links usually used to land a user in particular page. If application support target URL, then we will send an additional parameter (Target) with redirect URL.
But JIRA will not be at cloud. JIRA application (code base) will be at our (NCR) end. So I think step 4 to step 6 will not be necessary for JIRA SSO.
Our configuration steps are as below… (our requirment)
1.Click on the link http://jira.ncr.com. User will be at NCR domain (LAN).
2.Request will be redirected to a jsp page where LAN authentication is done by Active X control.
3.If user is a valid user Active X controller will return his user id.
4.After getting the user id, jsp page will redirect the request to JIRA application.
5.Getting the user id and valid reference server (from where redirect the request) by JIRA, user will be park into the appropriate JIRA page with user user access right.
1.How can we enter JIRA entry point from JSP?
2.Is there any other API for above functionality?
3.If you have any example please let us know.
As Tom suggested, this is done in a seraph authenticator. Requests to JIRA go through this component and you have access to the users id/password when that is required in the authentication lifecycle.
Generally you would build this up a standard java jar and place it in JIRA's WEB-INF/lib directory and modify the seraph-config.xml file in JIRA to use your authenticator instead of JIRA's default.
How to develop this component is probably too specific and detailed to comment here though. Feel free to contact AppFusions directly if you require this an can't do it in house.
What ever credentials are estblablished via the jsp and ActiveX control, these need to be made available back to JIRA. This is where the Seraph code comes in. You would need to write a custom Seraph Authenticator class that could understand the credentials esablished and hence tell JIRA how the user in play is.
Others have done exactly this to get their own SSO solutions working on JIRA.
Its not a simple task (its not hard either just not simple) however and an Atlassian partner like AppFusions can help you write this.
when you want to integrate a SSO solution, please take a look at the Atlassian Seraph project (http://docs.atlassian.com/atlassian-seraph/latest/ ). You can develop your own Seraph authentication client and enable this method in your Jira environment.
I can recommend to take a look at the Jira source code to get help for the implementation, the basic docs are quite hard to use as a solid base.
We want to authenticate the user via active X which will retrieve the user ID from LAN. Once getting this user ID, user will be landed on the desire page. I think, we need to modify on existing piece of code where user id and password is verified. Please let me know if we can do that.
As I have gone through the Seraph document, I did not get where I exactly need to change to execute our jsp (authentication.jsp) where active x controller will be run and extract the user id from LAN. Our steps are as below..
1. Run the active x controller via jsp and extract the user id.
2. Redirect to JIRA with extracted user id.
3. If JIRA receive user id from that particular page, JIRA will not verify the password and land the user on JIRA page.
Please let me know the steps to modify in the Seraph module to achieve above requirement.
Calling all Community members from the Washington D.C. area! Atlassian’s Team Tour is heading to your city to host a Government Symposium on May 1st. Join our team and other government agencies to le...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs