
Stash integration with OAuth2

Lloyd Meinholz April 3, 2014

I am trying to integrate Stash with our OAuth2 solution.

I have successfully accomplished this with Jira and Confluence by having the login.url and link.login.url in seraph-config.xml point to our OAuth2 server and implementing a plugin/servlet.

Seraph isn't used in Stash, so I can't change the login URL as I did with Jira and Confluence. I also can't redirect to our OAuth2 server from a HttpAuthenticationHandler implementation (seems to be a Spring MVC limitation).

Is there any other method of integrating with our OAuth2 server that I have missed?

Thanks

3 answers


1 vote
Answer accepted
mstudman
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2014

Michael and I have discussed this further and it's not possible to use HttpAuthenticationFailureHandler for this.

What you need to do is add a before-login plugin servlet filter for the URL /mvc/login and from there redirect to your OAuth2 SSO page (and then from there do the OAuth redirect dance back to your plugin's servlet in Stash).

Lloyd Meinholz April 9, 2014

Great. Thanks for the info. I will give that a shot and let you guys know.

Lloyd Meinholz April 14, 2014

Thanks to both Michaels! That did the trick.

I created a Stash plugin that contained both a servlet filter (which was configured as a before-login servlet filter) and a servlet to handle the return processing of the OAuth 2.

The servlet uses the UserProfile from SAL and gets the uid. Then the servlet sets the session attributes STASH_SECURITY_CONTEXT to the SAL uid and the stash.cached-username to the SAL user name.

This seems to work. Is there anything I missed? Thanks again,

Lloyd
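
An added example, not part of the original thread and not Atlassian's or the poster's code: the before-login filter for /mvc/login described in the accepted answer, together with the OAuth2 `state` check the callback servlet would run before it sets any session attributes. The class name, SSO endpoint, client id, callback path and the `oauth2.state` attribute name are assumptions.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.servlet.*;
import javax.servlet.http.*;

// Assumed registration in atlassian-plugin.xml: a <servlet-filter> module with
// location="before-login" and <url-pattern>/mvc/login</url-pattern>.
public class OAuthLoginRedirectFilter implements Filter {
    // Assumed placeholder values; replace with your own SSO server and plugin servlet path.
    static final String AUTHORIZE_URL = "https://sso.example.com/oauth2/authorize";
    static final String CLIENT_ID = "stash-plugin";
    static final String CALLBACK_URL = "https://stash.example.com/plugins/servlet/oauth2/callback";
    static final String STATE_ATTR = "oauth2.state";
    private static final SecureRandom RNG = new SecureRandom();

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Bind an unguessable state value to this browser session before leaving Stash.
        String state = new BigInteger(128, RNG).toString(16);
        ((HttpServletRequest) req).getSession(true).setAttribute(STATE_ATTR, state);
        ((HttpServletResponse) res).sendRedirect(authorizeUrl(state));
    }

    static String authorizeUrl(String state) throws IOException {
        return AUTHORIZE_URL + "?response_type=code"
            + "&client_id=" + URLEncoder.encode(CLIENT_ID, "UTF-8")
            + "&redirect_uri=" + URLEncoder.encode(CALLBACK_URL, "UTF-8")
            + "&state=" + URLEncoder.encode(state, "UTF-8");
    }

    // For the callback servlet: call this first and reject the request when it returns
    // false, before exchanging the code or setting STASH_SECURITY_CONTEXT in the session.
    static boolean stateMatches(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        String returned = request.getParameter("state");
        if (session == null || returned == null) return false;
        Object expected = session.getAttribute(STATE_ATTR);
        session.removeAttribute(STATE_ATTR); // single use: a replayed callback fails
        return expected instanceof String && MessageDigest.isEqual(
            ((String) expected).getBytes(StandardCharsets.UTF_8),
            returned.getBytes(StandardCharsets.UTF_8));
    }
}
```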

1 vote
Michael Heemskerk
Atlassian Team
April 9, 2014

Hi Lloyd,

You should be able to do the redirect from a HttpAuthenticationFailureHandler. That way you only redirect when authentication is required.

Hope that helps!

0 votes
Lloyd Meinholz April 4, 2014

Is the right direction to add the spring-security-oauth to our project and configure OAuth2 that way?
