Hello Team,
I had done some research and found the below details,
To authenticate the Crowd + Jira environment using cookie-based authentication I need to have the cookie.token_key & JSESSIONID tokens.
My main goal is to use the cookies to access Jira, which is integrated with Crowd, using REST calls.
* crowd.token_key - I could not find any source on how to retrieve it using the REST API
* In POSTMAN (Rest client) to login to the crowd server as ex:
http://serverip:8095/crowd/rest/usermanagement/latest/session?validate-password=true
with POST body username.... pwd ... in JSON format..
Jira app name & pwd using basic authentication if we provide then it works.
If I do as above it returns the JSESSIONID token but I could not retrieve the crowd token.
I am not sure the above way is proper or not.
I have a few questions.
* How to retrieve crowd.token_key and its value using REST APIs
* How to get the JSESSIONID token
* How to pass these session tokens to retrieve any data from the Jira server. Ex: issues, users ...
NOTE: Please do not post the way using Crowd libraries, like the CrowdClient APIs.
Thanks in advance.
Hi @Shan
You don't need to request Crowd to get a crowd.token_key cookie. A simple request to Jira is enough. This is a better approach as you won't need to expose Jira's application name and password.
Here is the workflow:
1. Request the login URL of Jira (with username and password in basic authentication).
You will get a crowd.token_key cookie, a JSESSIONID cookie and an atlassian.xsrf.token cookie.
For instance:
curl -X GET -u "username:password" --silent --output /dev/null -c - 'http://jira.company.com:8080/login.jsp'
Will return:
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
#HttpOnly_jira.company.com FALSE / FALSE 0 JSESSIONID ABC*****************************
#HttpOnly_jira.company.com FALSE / FALSE 0 crowd.token_key "123*****************************"
jira.company.com FALSE / FALSE 0 atlassian.xsrf.token XYZ*****************************
2. Now, send whatever request you want to Jira by adding all 3 cookies.
For instance:
curl -X GET -H "Accept: application/json" -b "JSESSIONID=ABC*****************************;crowd.token_key=123*****************************;atlassian.xsrf.token=XYZ*****************************" 'http://jira.cleito.com:8080/rest/api/2/myself'
Will return your user profile in JSON format.
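The workflow above depends on reading the cookie jar from step 1 correctly. As an added example (not part of the original answer), this shell script parses a curl -c jar, builds the Cookie header for step 2, and reports expected cookies that are missing or stored without the Secure flag. The function names, the host jira.example.test and the cookie values are constructed.

```shell
#!/bin/sh
# Added example. Function names, host and cookie values are constructed.

# Constructed jar in the tab-separated format that curl -c writes:
# domain, include-subdomains, path, secure, expiry, name, value.
sample_jar() {
  printf '# Netscape HTTP Cookie File\n'
  printf '#HttpOnly_jira.example.test\tFALSE\t/\tFALSE\t0\tJSESSIONID\tAAAA1111\n'
  printf '#HttpOnly_jira.example.test\tFALSE\t/\tFALSE\t0\tcrowd.token_key\t"BBBB2222"\n'
  printf 'jira.example.test\tFALSE\t/\tFALSE\t0\tatlassian.xsrf.token\tCCCC3333\n'
}

# Reduce a jar on stdin to "secure<TAB>name<TAB>value" rows.
# "#HttpOnly_" lines are real cookies, not comments; other "#" lines are skipped.
# Surrounding quotes are stripped from values, as in the step 2 request above.
jar_rows() {
  awk -F '\t' '
    { sub(/\r$/, "") }
    /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }
    /^#/ || NF < 7 { next }
    { v = $7; gsub(/^"|"$/, "", v); print $4 "\t" $6 "\t" v }'
}

# Cookie header value for step 2 (cookies only, no Basic auth header).
cookie_header() {
  jar_rows | awk -F '\t' '
    { printf "%s%s=%s", (NR > 1 ? "; " : ""), $2, $3 }
    END { if (NR) print "" }'
}

# Expected cookie names that the jar does not contain (space-separated).
missing_cookies() {
  jar_rows | awk -F '\t' -v want="JSESSIONID crowd.token_key atlassian.xsrf.token" '
    { seen[$2] = 1 }
    END { n = split(want, w, " ")
          for (i = 1; i <= n; i++) if (!(w[i] in seen)) { out = out sep w[i]; sep = " " }
          print out }'
}

# Cookies stored without the Secure flag: these are also sent over plain http.
insecure_cookies() {
  jar_rows | awk -F '\t' '
    $1 != "TRUE" { printf "%s%s", (n++ ? " " : ""), $2 }
    END { print "" }'
}

echo "Cookie: $(sample_jar | cookie_header)"
echo "missing: $(sample_jar | missing_cookies)"
echo "not Secure: $(sample_jar | insecure_cookies)"
```

Against a real server, pipe the output of the step 1 curl command into these functions in place of sample_jar. A non-empty insecure_cookies result means the session tokens cross the network unencrypted, so serve Jira over HTTPS before reusing them.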
Hello Bruno,
Thanks a lot for your reply.
Using curl I did not get any response in the command prompt. It was just blank.
I had tried as you mentioned in the first step using POSTMAN Rest client,
as "http://Serverip:9090/login" with my user name & pwd using basic authentication.
It did not work and returned 404; I feel the URL is wrong.
Normally we will use the url as
"http://serverip:9090/jira/rest/auth/1/session" along with body of credentials with POST.
Correct me if I am wrong.
One more point to note is that I did not configure a domain for Jira, as I am using localhost/server IP directly.
Hi @Shan
The URI should be /login.jsp not /login 😉
But it does not really matter, you can use any valid Jira URL. Since the first time you send your username and password in basic authentication, you will always get a response embedding the 3 cookies that you need to use afterwards.
Hello Bruno,
Sorry, there was a typo in the above reply.
I had tried with the working URL only, when I try it in the browser it pops up login window and works as expected when credentials provided.
But via POSTMAN with basic auth it returns 200 but no info about cookies. I previewed it and it's nothing but a login window.
Response is ex:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge"/>
......... etc
In CURL there is no response.
Can you show me the exact curl command you typed please?
(please blur the username and password)
Are you running Linux/macOS or Windows?
Hi @Shan
The syntax is different on Windows:
curl -X GET -u "username:password" --silent --output NUL -c - "http://jira.company.com:8080/login.jsp"
Hi Bruno,
With the curl command I am able to use the cookies and fetch the user details as well.
I have tried to implement the approach using Java (Jersey API).
PFB code is,
Client client = Client.create(); --> instance INS
client.addFilter(new HTTPBasicAuthFilter(crowdUserName, crowdUserPassword)); --> This is equivalent to curl -u username:password ******
Using this I am able to fetch the cookie details, as with the curl command.
Passing these cookies in further calls/requests without the filter (i.e. no user name & password, so only Client client = Client.create();), similar to the curl command.
Without adding the filter the further calls are not working (returns 401 unauthorized error) --> Q1
So I thought to pass the filter with credentials for further calls or use the above mentioned client instance INS along with/without cookies (I am aware that this is wrong, the reason being it's basic auth, not using cookies)
It works but it is creating multiple sessions in JIRA. --> Q2
Can you please let me know solutions for any of the below.
Q1 -> Is there any api or way to resolve the 401 error?
Q2 -> Is there any possibility to avoid creating multiple sessions in jira?
Thanks in advance.
Hi @Shan
The way to go is what I described in my first post (this is basically what you called Q1):
1. the first request with the username and password in the basic auth header to get the cookies
2. the second request without the basic auth header but embedding the cookies you got in the response to your first request.
If it works with curl/postman/whatever http client, it will work with any code sending http requests. So if it is not working now, that means that there is something wrong in your Java code.
I suggest that you enable DEBUG logging on 'com.atlassian.crowd' in Jira to understand why the request you're sending ends up in 401.
I hope you can help me; I should retrieve the crowd.token_key from Java code:
{code}
// url, encoding (Base64 of "username:password"), cookieManager and log are declared elsewhere.
// cookieManager only records cookies if it was installed with
// CookieHandler.setDefault(cookieManager) before the connection is opened.
con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
// First request: credentials go in the Basic auth header
con.setRequestProperty("Authorization", "Basic " + encoding);
final int resp = con.getResponseCode();
if (resp != 200) {
    throw new Exception("Target Response : " + resp);
}
con.getContent();
final String cookieValue = "";
// List every cookie the server set on the response
final List<HttpCookie> cookies = cookieManager.getCookieStore().getCookies();
for (final HttpCookie cookie : cookies) {
    log.debug(cookie.getDomain());
    log.debug(cookie.getName());
    log.debug(cookie.getValue());
}
{code}
But I receive the JSESSIONID as the only cookie. Any idea?
Does it work in Postman/curl?
I guess you should first make sure that Crowd SSO is enabled in Jira
Hi @Bruno Vincent , I'm trying to do the same, but against web SSO (id.atlassian.com) for CLOUD VERSION, since I need to get the cookie--> cloud.session.token in order to download some attachments from confluence.
I tried this:
curl -X GET -u "USERNAME:PASSWORD" --output /dev/null -c - 'https://id.atlassian.com/login'
And I'm getting cloud.session.token ---> DELETED, not even sure if login is working in this way, I doubt it. Any idea if login through SSO using curl or wget is even possible nowadays?
Hi @[deleted]
Cookie-based authentication has been deprecated in Atlassian Cloud. You should now use API tokens instead: https://confluence.atlassian.com/cloud/api-tokens-938839638.html
Thank you so much! Worked like a charm!
@Bruno Vincent , let me know if you need to create another question for this, but I'd like to bypass SSO for Jira as well when I try to hit the login page, but for server. I keep getting redirected even with the JSESSIONID. Any idea on how to bypass this? Thanks!
curl --cookie 'JSESSIONID=<cookie>' https://<base_url>/login.jsp -I