JIRA + AD + Custom SSO

J M October 14, 2013

I am working to install JIRA Service Desk using AD and a custom SSO authenticator. I don't believe my problem has anything to do with JIRA vs. JIRA Service Desk. I am creating a custom SSO authenticator to perform SSO based on a credential a user already has. I'm running into an interesting problem. We had JIRA already running with a normal username+password authentication system against the Active Directory connection and everything works fine. When I try to add in the SSO layer, any user that had already logged in previously with username+password appears to have a normal user profile (assuming in Crowd). However, a "new" user that had not previously logged in prior to the attempted use of the SSO module has a broken profile. Upon successful login, the user only has a Dashboard link, appears to belong to no groups, and when you view the user's profile it spouts Java errors. I'm thinking there is something more required to call in the SSO module against the embedded Crowd subsystem to "create" the user; however, I can't figure out what that is from any documentation or other publicly-available SSO source code.

I am creating the Principal object from the getUser(request,response) method via com.atlassian.jira.user.util.UserManager. For example (simplified):

// This appears within getUser(request,response)
Principal user = getUser(username.toLowerCase());
return user;

// These are based on the Atlassian JIRA source code
public Principal getUser(String userid) {
  return getUserManager().getUserByName(userid);
}

private UserManager getUserManager() {
  return ComponentAccessor.getUserManager();
}

I know with various Confluence SSO modules (which seem to be more prevalent and better-documented) there are various things that can be called within Confluence's Crowd implementation that create the user's internal profile details, and I assume something more is needed here too. But I can't figure out what. Any guidance would be appreciated.

3 answers

0 votes
Answer accepted
J M November 6, 2013

I realized that I have two separate problems. One is managing the session check properly to catch an already-logged-in user (which I resolved). The other is that it appears that at login, a "new" (to JIRA) user isn't added to jira-users properly.

0 votes
J M October 15, 2013

Sorry not to be clear. Crowd as a standalone service is not involved; I was referring to Crowd in the sense that Crowd is embedded within JIRA for local user management. The setup is JIRA with AD as a user directory provider in "Read Only with Local Groups".

0 votes
Tiago Comasseto
October 15, 2013

Hey, just to have a better understanding of your environment, your setup is AD > Crowd > JIRA, is that right? Also, are you using a delegated directory or a connector directory?

Cheers
