Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to configure SSO with JIRA?

Sayeed Alam
Sayeed Alam June 26, 2011

In our organization, most of the applications (3rd party) are executed via SSO. We usually fallow below steps to access an application (which are at cloud).

1.Create a preferred DSN (e.g. http://jira.ncr.com) and click in that URL.
2.NCR production server (e.g. susday4523) will redirect to the location where the SSO is resides for that application (e.g. http://susday4523.corp.ncr.com:81/portfolio_management/BISession/ncrAuthentication.jsp).
3.NCR SSO authenticates the user via Active-X control and gets the QLID (User Id) from network.
4.NCR SSO will send QLID, KEY, and Other ID to application web server to get the session token. Usually this is done via socket programming.
5.Application will return back the session token after getting the correct Key and other information through XML format. Finally, NCR SSO will retrieve information from ldap server by anonymous binding.
6.After getting the session token, NCR SSO will redirect to application with session token /Login/body.asp?token=<session_token>.
7.Target: target URL is the page where user wants to land directly. For example, the attached links in the email or in any document are called Target URL. Those links usually used to land a user in particular page. If application support target URL, then we will send an additional parameter (Target) with redirect URL.

But JIRA will not be at cloud. JIRA application (code base) will be at our (NCR) end. So I think step 4 to step 6 will not be necessary for JIRA SSO.

Our configuration steps are as below… (our requirment)

1.Click on the link http://jira.ncr.com. User will be at NCR domain (LAN).
2.Request will be redirected to a jsp page where LAN authentication is done by Active X control.
3.If user is a valid user Active X controller will return his user id.
4.After getting the user id, jsp page will redirect the request to JIRA application.
5.Getting the user id and valid reference server (from where redirect the request) by JIRA, user will be park into the appropriate JIRA page with user user access right.

Question:
1.How can we enter JIRA entry point from JSP?
2.Is there any other API for above functionality?
3.If you have any example please let us know.

Regards,
Sayeed Alam
NCR Corporation

Watch
Like Be the first to like this
6234 views

8 answers

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

2 votes
Sayeed Alam
Sayeed Alam July 3, 2011

Colin,

Please answer my above question answer. Otherwise we are unable to use JIRA in our company.

Regards,

Sayeed

View More Comments
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 3, 2011

Sayeed, it is a little rude to demand an answer. I hope it is just the language barrier? If you need to contact AppFusions please just click on my name and you can get to our website from there.

Thanks

Like
Sayeed Alam
Sayeed Alam July 3, 2011

Sorry for that.

Should I write a mail to info@appfusions.com regarding our SSO or you have any other email address?

Like
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 3, 2011

No worries mate, yep fire an email to there, that'd be fine. Mention that you found us via answers.

Like
Sayeed Alam
Sayeed Alam July 3, 2011

I have sent an email to 'info@appfusions.com'

Like
Reply
2 votes
Brad Baker [Atlassian]
Brad Baker [Atlassian]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 30, 2011

What ever credentials are estblablished via the jsp and ActiveX control, these need to be made available back to JIRA. This is where the Seraph code comes in. You would need to write a custom Seraph Authenticator class that could understand the credentials esablished and hence tell JIRA how the user in play is.

Others have done exactly this to get their own SSO solutions working on JIRA.

See

http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence

http://docs.atlassian.com/atlassian-seraph/latest/sso.html

Its not a simple task (its not hard either just not simple) however and an Atlassian partner like AppFusions can help you write this.

Reply
2 votes
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 27, 2011

As Tom suggested, this is done in a seraph authenticator. Requests to JIRA go through this component and you have access to the users id/password when that is required in the authentication lifecycle.

Generally you would build this up a standard java jar and place it in JIRA's WEB-INF/lib directory and modify the seraph-config.xml file in JIRA to use your authenticator instead of JIRA's default.

How to develop this component is probably too specific and detailed to comment here though. Feel free to contact AppFusions directly if you require this an can't do it in house.

Reply
1 vote
Sayeed Alam
Sayeed Alam June 30, 2011

Dear Colin,

As I have gone through the Seraph document, I did not get where I exactly need to change to execute our jsp (authentication.jsp) where active x controller will be run and extract the user id from LAN. Our steps are as below..
1. Run the active x controller via jsp and extract the user id.
2. Redirect to JIRA with extracted user id.
3. If JIRA receive user id from that particular page, JIRA will not verify the password and land the user on JIRA page.

Please let me know the steps to modify in the Seraph module to achieve above requirement.

Regards,
Sayeed

Reply
1 vote
Sayeed Alam
Sayeed Alam June 27, 2011

Dear TOM,

We want to authenticate the user via active X which will retrieve the user ID from LAN. Once getting this user ID, user will be landed on the desire page. I think, we need to modify on existing piece of code where user id and password is verified. Please let me know if we can do that.

Regards,

Sayeed

Reply
1 vote
Tom Moors
Tom Moors
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 26, 2011

Hi,

when you want to integrate a SSO solution, please take a look at the Atlassian Seraph project (http://docs.atlassian.com/atlassian-seraph/latest/ ). You can develop your own Seraph authentication client and enable this method in your Jira environment.

I can recommend to take a look at the Jira source code to get help for the implementation, the basic docs are quite hard to use as a solid base.

Kind regards,

Tom Moors

Reply
0 votes
Sayeed Alam
Sayeed Alam July 3, 2011

Sorry for that!!!!

Should I write a mail to info@appfusions.com regarding our SSO or you have any other email address to contact?

Reply
0 votes
Sayeed Alam
Sayeed Alam June 30, 2011

How can we contact AppFusions? Can you provide us thier contact address?

View More Comments
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 30, 2011

Sayeed, click on my name, our weblink is there

Like
Reply

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events