How can I use custom authentication while still getting crowd groups in Fisheye

We have developed our own custom authenticator. The back-end is still Crowd but we wanted things different from username/password. We have it working correctly however by doing this we are unable to bring in CROWD groups. In the AuthToken I do not see anything relating a user to groups. Is there any way to get this relationship in? Fisheye only allows for one authentication method but the groups are linked to that authentication only? How would a custom authenticator manage groups?

6 answers

1 accepted

This widget could not be displayed.
This widget could not be displayed.

Hi, we are facing a related issue that you seem to have already solved. Could you please advise?

We wrote a custom authenticator, Fisheye is configured to use it, I can test it using the interface and the *.log file also displays the expected messages. The user exists and is also configured to use custom authentication.

The custom authenticator overwrites the checkRequest method and it returns, as needed, a non null token. But, although the custom authenticator is called and it returns a token, Fisheye still displays the login screen.

Please advise on what else prevents the user from being logged in.

I extended the AbstractFishEyeAuthenticator, re-implemented checkRequest and hasPermissionToAccess. In addition recreateAuth and checkRequest, both needed to return my own implementation of AuthToken.

The shortcoming with custom authentication is if you use Fisheye with Crowd to manage the groups. Fisheye currently has no way to have a custom authentication and manage groups from within Crowd like JIRA and Confluence offers.

HUGE shortcoming for us... made the custom authenticator useless for us until Atlassian decides to either open it up in the plugin code so that we can do it ourselves or they do it so that groups and authentications aren't mixed together.

This widget could not be displayed.

This is currently not possible. There is a ticket to make this possible

This widget could not be displayed.

public class CasFishEyeHttpAuthenticator extends AbstractFishEyeAuthenticator
{
private static class ExampleAuthToken
implements AuthToken
{

public String getUsername()
{
System.out.println("ExampleAuthToken.getUsername():"+name);
return name;
}

public String getEmail()
{
System.out.println("ExampleAuthToken.getEmail()");
return (new StringBuilder()).append(name).append("@email").toString();
}

public String getDisplayName()
{
System.out.println("ExampleAuthToken.getDisplayName()");
return (new StringBuilder()).append(name.substring(0, 1).toUpperCase()).append(name.substring(1)).toString();
}

private final String name;

public ExampleAuthToken(String name)
{
this.name = name;
}
}


public CasFishEyeHttpAuthenticator()
{
}

public AuthToken checkRequest(HttpServletRequest request)
{
String username = null;
final HttpSession session = request.getSession();
final Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);

if (assertion != null)
username = assertion.getPrincipal().getName();

System.out.println("Alin---get cas assertion:"+username);
if(username != null){
System.out.println("Alin--returning an object");
return new ExampleAuthToken(username);
}
else{
System.out.println("Alin--returning null");
return null;
}

}

public boolean isRequestUserStillValid(String username, HttpServletRequest req)
{
return true;
}

public void init(Properties cfg)
throws Exception
{
System.out.println((new StringBuilder()).append("init(").append(cfg).append(")").toString());
// String property = cfg.getProperty("allow.from");
// remoteAddrs = property == null ? ((Set) (new HashSet())) : ((Set) (new HashSet(Arrays.asList(property.split(",")))));
}

public void close()
{
System.out.println("close()");
}

public AuthToken checkPassword(String username, String password)
{
System.out.println((new StringBuilder()).append("checkPassword(").append(username).append(", ").append(password).append(")").toString());
return new ExampleAuthToken(username);
}

public AuthToken recreateAuth(String username)
{
System.out.println((new StringBuilder()).append("recreateAuth(").append(username).append(")").toString());
return new ExampleAuthToken(username);
}

public boolean hasPermissionToAccess(AuthToken tok, String repname, String constraint)
{
System.out.println((new StringBuilder()).append("hasPermissionToAccess(").append(tok).append(", ").append(repname).append(", ").append(constraint).append(")").toString());
return true;
}





}

This widget could not be displayed.

Could you please take a look at what we have?

It looks pretty straightforward.

Are we missing anything? Are we doing something different than what is needed?

This widget could not be displayed.

We do not use crowd so no groups is not a deal breaker for us.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

40 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you