1. We currently have fisheye fecru-3.5.2 installed and working using standard username and password authentication. We would like to write a custom authenticator to enable SSO/kerberos via an apache mod_auth_kerb+proxy module (we have successfully done this for jira)
2. Basically the apache mod_auth_kerb performs the kerberos authorization and if successful, passes the username (via a header) to the backend server -in this case Fisheye (or Jira).
3. From reading the fisheye doc below, it seems that we are able to write a custom authenticator. But can you provide guidance on which methods need to be over written? Can anyone provide a sample custom authenticator? What is the process flow for the custom authenticator?
4. I see that the "checkRequest" method says "Called to allow implementations to determine if the request is pre-authenticated, bypassing FishEye's own HTTP authentication." Is this what we would use in our custom authenticator to take the "request", then grab the username and generate an auth token to fishey?
I've uploaded two simple authenticator examples at https://bitbucket.org/lpater/fisheye-authenticator-examples, hope these will get you going.
When writing a custom authenticator you should extend AbstractFishEyeAuthenticator, instead of implementing the interface directly.
The important methods to implement are checkPassword (to verify username+passwords for users logging in), recreateAuth - to recreate tokens for previously authenticated users. Both of these return an AuthToken, which you also need to provide an implementation for - an AuthToken is a small object representing a user. See the linked examples for some more details.