Crowd Event Listener Question

Sam Tse January 13, 2013

I'm currently evaluating Crowd and there is one specific functionality that I need - I would like to setup an event listener that will get called during an authentication (from ANY application as setup in Crowd) and use the corresponding username and password for further processing. I noticed there is an event in Crowd called UserAthenticationSuceededEvent (http://docs.atlassian.com/atlassian-crowd/latest/com/atlassian/crowd/event/user/UserAuthenticationSucceededEvent.html) but it does not seem to provide the username and password. Any advice is appreciated.

Thank you.

2 answers

0 votes
Sam Tse January 13, 2013

Thanks for your quick reply. Unfortunately, the product that I am trying to integrate does not support (Crowd) SSO out-of-the-box and I have no access to its source code (a third-party product). It does provide a REST API for authentication but requires both the username and password. The only workaround that I could think of is to have Crowd authenticates behalf of the user when the user authenticate via crowd, which at that point I could forward both the username and password into the product for authentication behalf of the user. However, this requires Crowd to provide both username and password via its event. I'm running out of idea, any suggestions?

Sam Tse January 20, 2013

Any comments or suggestions?

0 votes
Yilin
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 13, 2013

Since the event is fired after the authentication is done, it will just return the token to let the client to keep login with the applicaiton. But it will at least return the user. Having password insde should be less secure, isn't it?

Sam Tse January 13, 2013

Thanks for your quick reply. Unfortunately, the product that I am trying to integrate does not support (Crowd) SSO out-of-the-box and I have no access to its source code (a third-party product). It does provide a REST API for authentication but requires both the username and password. The only workaround that I could think of is to have Crowd authenticates behalf of the user when the user authenticate via crowd, which at that point I could forward both the username and password into the product for authentication behalf of the user. However, this requires Crowd to provide both username and password via its event. I'm running out of idea, any suggestions?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events