JIRA + Crowd Rest Authentication

Setup: So our system comprises of Jira, Crowd and a third party system. We use Crowd for user authentication for both Jira and our third party system. We use an alternative method for authenticating users in our third party app and then use that authentication to allow the user to automatically log into crowd.

Issue: We're able to use REST to authenticate into crowd using only a username as is provided by the REST API of crowd, but I can't see anyway to get the same result for Jira as I want them to also be automatically signed into Jira. In particular I need the Jira token in order to be able to have the user make changes in Jira using our application.

Additional Info: I have single sign-on already enabled (so if I log into crowd directly using username/password I get logged into Jira as well), so it's not a problem with single sign-on from what I can tell.

Is there any way to do that? Is there any detail I need to get this working?

1 answer

Hi Aram,

The SSO in Atlassian applications works based on cookies, what I believe that may be happening is that your third-party app is not generating the Crowd cookie, or is not generating it with the right information.

You can check the Crowd cookie in your browser as in this screenshot.

All Applications need to prove that the exact same user is trying to access them. They should all provide the exact same Validation Factors:

The same computer is being used Machine IP
The same user name is provided User Name
The same session token is provided Current Crowd Session token stored in the local browser cookie
The same browser is being used to access all applications (not used by 2.0.4 and newer versions) HTTP User-Agent
The user can be found in the same Crowd Directory Directory ID

Also, in case you see that the cookie does not contain the same information when logging with your app comparing to JIRA, the following questions usually help to identify what's wrong:

  1. What are the URLs being used to access each application?
  2. What is the SSO Domain value stored in Crowd?
  3. Are both applications using the Crowd authenticator at their WEB-INF/classes/seraph-config.xml files? Are all the configuration inside crowd.properties correct?
  4. How many Directories are assigned to each application in Crowd? If more than one, are
  5. they in the exact same order?
  6. Are proxy servers being used between Crowd and the applications? If so, please add their IP addresses to the Trusted Proxy Servers list in Crowd.

Additionally, you can check the logs with debug enabled to get more information about this issue:

  1. Under Admin -> Logging & Profiling in Crowd, change the com.atlassian.crowd package to DEBUG.
  2. Replicate the problem you are having (Logoff from all the apps; Login to your third-party and then try to access JIRA; Logoff again from all the apps; Login to JIRA and then try to access your third-party app).
  3. Check the results into atlassian-crowd.log file.

I hope this helps


Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

965 views 3 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you