Redirect question in confluence using custom authenticator

How do you set up that parameter? using a request.SetAttribute("","")? Can you point to me to a piece of code?

Thanks,

GMC

never mind i found out how

Cool :-) It can be either a query parameter on the URL or a parameter in the request body.

So How does it redirect out of the app, specially before the user has been authenticated?

Sorry, I don't understand the question - the os_destination query parameter is only for redirecting within the app. Isn't the initial redirect to the remote authentication system handled by your custom code?

Right but the issue is that it iterates multiple times into the custom authenticator, in another post you mentioned that it should go only once thru that process but it doesn't, see piece of log:

1: /display/ds/Creating+a+Page

1: /display/ds/Creating+a+Page

1: /display/ds/Creating+a+Page

6-1: /pages/viewpage.action

6-1: /pages/viewpage.action

6-1: /onelogin.jsp

6-1: /onelogin.jsp

As you can see it goes multiple times, now my question is: could it be because in the section where I deal with creating the authentication request I go to other classes (custom ones), see code:

AppSettings appSettings = new AppSettings();

appSettings.setAssertionConsumerServiceUrl("http://localhost:8090/dashboard.action");

appSettings.setIssuer("http://localhost:8090/dashboard.action");

AccountSettings accSettings = new AccountSettings();

accSettings.setIdpSsoTargetUrl("XXXXXXXXXXX");

AuthRequest authReq = new AuthRequest(appSettings, accSettings);

Any help would be greatly appreciated

GMC

Actually is not the custom authenticator going to other classes, I took them out and the CA still iterates many times, some more pieces to the puzzle:

1. If I try to get into confluence thru the email link I get the iterations you see in the comment above

2. If I try to get into confluence using http://localhost8090/dashboard.action as my point of entry I get this:

6-1: /dashboard.action

6-1: /dashboard.action

6-1: /dashboard.action

6-1: /dashboard.action

6-1: /dashboard.action

6-1: /onelogin.jsp

6-1: /onelogin.jsp

3. If I try get into confluence using http://localhost:8090 I get this:

6-1: /

6-1: /

6-1: /homepage.action

6-1: /homepage.action

6-1: /homepage.action

6-1: /homepage.action

6-1: /homepage.action

6-1: /onelogin.jsp

6-1: /onelogin.jsp

I also have a screenshot of a Fiddler session, where shows that the process goes to multiple URIs

Hi Matt I hope you can throw some light in this behavior from Jira, I understand when you say that login.jsp deals with the authentication and I'm using it in the seraph.xml passing the os_destination, however when it always presents me with the login pageant doesn't go to the authentication source. I have no problem sending you code or screen shots to show you my dilemma, at the end it might be something son simple that I'm probably missing. Is there a way I can communicate with you directly? Please let me know

Giovanni, I think you need to follow the steps I posted on your other question.

You need to put your external IDP URL in seraph-config.xml, _not_ the JIRA login.jsp URL.

Then your IDP configuration needs to redirect back to the JIRA login.jsp with an "os_destination" parameter. It should include enough information in the request for your custom authenticator to verify the request in the login() and getUser() methods.

I've asked Brad to help you out, because he has done a lot of work with JIRA authentication. I'm also happy to help out further if necessary - matt@atlassian.com.

these are the different options I tried with the login.url:

<param-name>login.url</param-name>

1. <!--<param-value>/login.action?os_destination=${originalurl}</param-value>-->

2. <!--<param-value>/onelogin.jsp</param-value>-->

3. <!--<param-value>https://app.onelogin.com/saml/signon/38600?SAMLRequest=${os_destination}</param-value>-->

4. <param-value>/onelogin.jsp?os_destination=${originalurl}</param-value>

Ok, I got the Custom Authenticator working the way I wanted in Confluence, however now I have to do the same for JIRA, questions:

1. How do you redirect internally in JIRA? In Confluence you can use os_destination but you need the LoginAction class to set the OS_DESTINATION, How do you do it in JIRA? What is the class you use to replace LoginAction?

2. Related to 1, I also need to get the Original URL once comes back, I'm using this:

String originalURL1 = (String) request.getAttribute(SecurityFilter.ORIGINAL_URL);

Here the SecurityFilter is needed, Can I use the same in JIRA? if Not How is the way to get that value?

Any help woud be appreciated.

GMC

This sounds like a misunderstanding about how custom authentication works in Confluence. The basic steps are:

1. Change seraph-config.xml to customise the "login.url" property to point to the external authentication site.
2. Make sure the external authentication site redirects back to Confluence after authentication, usually by customising the request parameters in the "login.url".
3. Write a custom authenticator class, which is a subclass of ConfluenceAuthenticator, that overrides the getUser(Request,Response) method to verify the credentials in the request passed by the external authentication service.
4. Drop the compiled class file in WEB-INF/classes/ and update seraph-config.xml to reference the custom authenticator.

It sounds like you've got steps #3 and #4 sorted out, but haven't taken care of #1 or #2 yet.