I am trying to integrate Stash with our OAuth2 solution.
I have successfully accomplished this with Jira and Confluence by having the login.url and link.login.url in seraph-config.xml point to our OAuth2 server and implementing a plugin/servlet.
Seraph isn't used in Stash, so I can't change the login URL as I did with Jira and Confluence. I also can't redirect to our OAuth2 server from an HttpAuthenticationHandler implementation (seems to be a Spring MVC limitation).
Is there any other method of integrating with our OAuth2 server that I have missed?
Thanks
Michael and I have discussed this further and it's not possible to use HttpAuthenticationFailureHandler for this.
What you need to do is add a before-login plugin servlet filter for the URL /mvc/login and from there redirect to your OAuth2 SSO page (and then from there do the OAuth redirect dance back to your plugin's servlet in Stash).
Great, thanks for the info. I will give that a shot and let you guys know.
Thanks to both Michaels! That did the trick.
I created a Stash plugin that contained both a servlet filter (which was configured as a before-login servlet filter) and a servlet to handle the return processing of the OAuth 2.
The servlet uses the UserProfile from SAL and gets the uid. Then the servlet sets the session attributes STASH_SECURITY_CONTEXT to the SAL uid and the stash.cached-username to the SAL user name.
This seems to work. Is there anything I missed? Thanks again,
Lloyd
Hi Lloyd,
You should be able to do the redirect from an HttpAuthenticationFailureHandler. That way you only redirect when authentication is required.
Hope that helps!
Is the right direction to add the spring-security-oauth to our project and configure OAuth2 that way?