Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How can I use custom authentication while still getting crowd groups in Fisheye

We have developed our own custom authenticator. The back-end is still Crowd but we wanted things different from username/password. We have it working correctly however by doing this we are unable to bring in CROWD groups. In the AuthToken I do not see anything relating a user to groups. Is there any way to get this relationship in? Fisheye only allows for one authentication method but the groups are linked to that authentication only? How would a custom authenticator manage groups?

6 answers

1 accepted

We do not use crowd so no groups is not a deal breaker for us.

Could you please take a look at what we have?

It looks pretty straightforward.

Are we missing anything? Are we doing something different than what is needed?

public class CasFishEyeHttpAuthenticator extends AbstractFishEyeAuthenticator
{
private static class ExampleAuthToken
implements AuthToken
{

public String getUsername()
{
System.out.println("ExampleAuthToken.getUsername():"+name);
return name;
}

public String getEmail()
{
System.out.println("ExampleAuthToken.getEmail()");
return (new StringBuilder()).append(name).append("@email").toString();
}

public String getDisplayName()
{
System.out.println("ExampleAuthToken.getDisplayName()");
return (new StringBuilder()).append(name.substring(0, 1).toUpperCase()).append(name.substring(1)).toString();
}

private final String name;

public ExampleAuthToken(String name)
{
this.name = name;
}
}


public CasFishEyeHttpAuthenticator()
{
}

public AuthToken checkRequest(HttpServletRequest request)
{
String username = null;
final HttpSession session = request.getSession();
final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);

if (assertion != null)
username = assertion.getPrincipal().getName();

System.out.println("Alin---get cas assertion:"+username);
if(username != null){
System.out.println("Alin--returning an object");
return new ExampleAuthToken(username);
}
else{
System.out.println("Alin--returning null");
return null;
}

}

public boolean isRequestUserStillValid(String username, HttpServletRequest req)
{
return true;
}

public void init(Properties cfg)
throws Exception
{
System.out.println((new StringBuilder()).append("init(").append(cfg).append(")").toString());
// String property = cfg.getProperty("allow.from");
// remoteAddrs = property == null ? ((Set) (new HashSet())) : ((Set) (new HashSet(Arrays.asList(property.split(",")))));
}

public void close()
{
System.out.println("close()");
}

public AuthToken checkPassword(String username, String password)
{
System.out.println((new StringBuilder()).append("checkPassword(").append(username).append(", ").append(password).append(")").toString());
return new ExampleAuthToken(username);
}

public AuthToken recreateAuth(String username)
{
System.out.println((new StringBuilder()).append("recreateAuth(").append(username).append(")").toString());
return new ExampleAuthToken(username);
}

public boolean hasPermissionToAccess(AuthToken tok, String repname, String constraint)
{
System.out.println((new StringBuilder()).append("hasPermissionToAccess(").append(tok).append(", ").append(repname).append(", ").append(constraint).append(")").toString());
return true;
}





}

This is currently not possible. There is a ticket to make this possible

Hi, we are facing a related issue that you seem to have already solved. Could you please advise?

We wrote a custom authenticator, Fisheye is configured to use it, I can test it using the interface and the *.log file also displays the expected messages. The user exists and is also configured to use custom authentication.

The custom authenticator overwrites the checkRequest method and it returns, as needed, a non null token. But, although the custom authenticator is called and it returns a token, Fisheye still displays the login screen.

Please advise on what else prevents the user from being logged in.

I extended the AbstractFishEyeAuthenticator, re-implemented checkRequest and hasPermissionToAccess. In addition recreateAuth and checkRequest, both needed to return my own implementation of AuthToken.

The shortcoming with custom authentication is if you use Fisheye with Crowd to manage the groups. Fisheye currently has no way to have a custom authentication and manage groups from within Crowd like JIRA and Confluence offers.

HUGE shortcoming for us... made the custom authenticator useless for us until Atlassian decides to either open it up in the plugin code so that we can do it ourselves or they do it so that groups and authentications aren't mixed together.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

Security Advisory for Jira Service Management

On October 20, 2021, Atlassian published a security advisory for Jira Service Management. The full advisory is available at this link.  We've seen a number of questions already asking for...

65 views 0 1
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you