Setup: So our system comprises of Jira, Crowd and a third party system. We use Crowd for user authentication for both Jira and our third party system. We use an alternative method for authenticating users in our third party app and then use that authentication to allow the user to automatically log into crowd.
Issue: We're able to use REST to authenticate into crowd using only a username as is provided by the REST API of crowd, but I can't see anyway to get the same result for Jira as I want them to also be automatically signed into Jira. In particular I need the Jira token in order to be able to have the user make changes in Jira using our application.
Additional Info: I have single sign-on already enabled (so if I log into crowd directly using username/password I get logged into Jira as well), so it's not a problem with single sign-on from what I can tell.
Is there any way to do that? Is there any detail I need to get this working?
The SSO in Atlassian applications works based on cookies, what I believe that may be happening is that your third-party app is not generating the Crowd cookie, or is not generating it with the right information.
You can check the Crowd cookie in your browser as in this screenshot.
All Applications need to prove that the exact same user is trying to access them. They should all provide the exact same Validation Factors:<th>
|The same computer is being used||Machine IP|
|The same user name is provided||User Name|
|The same session token is provided||Current Crowd Session token stored in the local browser cookie|
|The same browser is being used to access all applications (not used by 2.0.4 and newer versions)||HTTP User-Agent|
|The user can be found in the same Crowd Directory||Directory ID|
Also, in case you see that the cookie does not contain the same information when logging with your app comparing to JIRA, the following questions usually help to identify what's wrong:
What are the URLs being used to access each application?
What is the SSO Domain
value stored in Crowd?
Are both applications using the Crowd authenticator at their WEB-INF/classes/seraph-config.xml files? Are all the configuration inside crowd.properties correct?
How many Directories are assigned to each application in Crowd? If more than one, are
they in the exact same order
Are proxy servers being used between Crowd and the applications? If so, please add their IP addresses to the Trusted Proxy Servers list
Additionally, you can check the logs with debug enabled to get more information about this issue:
Under Admin -> Logging & Profiling in Crowd, change the com.atlassian.crowd
Replicate the problem you are having (Logoff from all the apps; Login to your third-party and then
to access JIRA; Logoff again from all the apps; Login to JIRA and then
to access your third-party app).
Check the results into atlassian-crowd.log
I hope this helps
The Jira Marketing team is putting together an ebook on migrating to Data Center. We're looking for pro tips on how you staffed your project team and organized your Proof of Concept. Share yo...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs