How can I use custom authentication while still getting crowd groups in Fisheye

We have developed our own custom authenticator. The back-end is still Crowd but we wanted things different from username/password. We have it working correctly however by doing this we are unable to bring in CROWD groups. In the AuthToken I do not see anything relating a user to groups. Is there any way to get this relationship in? Fisheye only allows for one authentication method but the groups are linked to that authentication only? How would a custom authenticator manage groups?

6 answers

1 accepted

Hi, we are facing a related issue that you seem to have already solved. Could you please advise?

We wrote a custom authenticator, Fisheye is configured to use it, I can test it using the interface and the *.log file also displays the expected messages. The user exists and is also configured to use custom authentication.

The custom authenticator overwrites the checkRequest method and it returns, as needed, a non null token. But, although the custom authenticator is called and it returns a token, Fisheye still displays the login screen.

Please advise on what else prevents the user from being logged in.

I extended the AbstractFishEyeAuthenticator, re-implemented checkRequest and hasPermissionToAccess. In addition recreateAuth and checkRequest, both needed to return my own implementation of AuthToken.

The shortcoming with custom authentication is if you use Fisheye with Crowd to manage the groups. Fisheye currently has no way to have a custom authentication and manage groups from within Crowd like JIRA and Confluence offers.

HUGE shortcoming for us... made the custom authenticator useless for us until Atlassian decides to either open it up in the plugin code so that we can do it ourselves or they do it so that groups and authentications aren't mixed together.

This is currently not possible. There is a ticket to make this possible

public class CasFishEyeHttpAuthenticator extends AbstractFishEyeAuthenticator
{
private static class ExampleAuthToken
implements AuthToken
{

public String getUsername()
{
System.out.println("ExampleAuthToken.getUsername():"+name);
return name;
}

public String getEmail()
{
System.out.println("ExampleAuthToken.getEmail()");
return (new StringBuilder()).append(name).append("@email").toString();
}

public String getDisplayName()
{
System.out.println("ExampleAuthToken.getDisplayName()");
return (new StringBuilder()).append(name.substring(0, 1).toUpperCase()).append(name.substring(1)).toString();
}

private final String name;

public ExampleAuthToken(String name)
{
this.name = name;
}
}


public CasFishEyeHttpAuthenticator()
{
}

public AuthToken checkRequest(HttpServletRequest request)
{
String username = null;
final HttpSession session = request.getSession();
final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);

if (assertion != null)
username = assertion.getPrincipal().getName();

System.out.println("Alin---get cas assertion:"+username);
if(username != null){
System.out.println("Alin--returning an object");
return new ExampleAuthToken(username);
}
else{
System.out.println("Alin--returning null");
return null;
}

}

public boolean isRequestUserStillValid(String username, HttpServletRequest req)
{
return true;
}

public void init(Properties cfg)
throws Exception
{
System.out.println((new StringBuilder()).append("init(").append(cfg).append(")").toString());
// String property = cfg.getProperty("allow.from");
// remoteAddrs = property == null ? ((Set) (new HashSet())) : ((Set) (new HashSet(Arrays.asList(property.split(",")))));
}

public void close()
{
System.out.println("close()");
}

public AuthToken checkPassword(String username, String password)
{
System.out.println((new StringBuilder()).append("checkPassword(").append(username).append(", ").append(password).append(")").toString());
return new ExampleAuthToken(username);
}

public AuthToken recreateAuth(String username)
{
System.out.println((new StringBuilder()).append("recreateAuth(").append(username).append(")").toString());
return new ExampleAuthToken(username);
}

public boolean hasPermissionToAccess(AuthToken tok, String repname, String constraint)
{
System.out.println((new StringBuilder()).append("hasPermissionToAccess(").append(tok).append(", ").append(repname).append(", ").append(constraint).append(")").toString());
return true;
}





}

Could you please take a look at what we have?

It looks pretty straightforward.

Are we missing anything? Are we doing something different than what is needed?

We do not use crowd so no groups is not a deal breaker for us.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Confluence

Three common content challenges + how to manage them

An efficient enterprise content management system, or ECM, is a must-have for companies that create work online (cough   cough, all companies). If content calendars, marketing plans, and bu...

67 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you