Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA - LDAP delegated auth (sso) - First time user login

meena radhakris
meena radhakrishnan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 2, 2012

For the LDAP delegated auth directory I have setup the default group membership as 'jira-users' ie..

Default Group Memberships
When a user in this directory authenticates successfully for the first time, they will be automatically added to the following groups:
jira-users (remove)

When a new user logs into JIRA, they get the message "Sorry, your username and password are incorrect - please try again."

but in the Crowd's log I see messages of successful group imports
2012-05-03 09:15:32,540 http-8095-3 INFO [atlassian.crowd.directory.DelegatedAuthenticationDirectory] Imported user "xyz's membership of remote group "DD_MP" to directory "Delegated Authentication Directory".
...
....

After a manual synch on the Crowd directory from within JIRA the user is able to get in.

How do I set this up so that the first time user is able to get in successfully as jira-user?

Answer
Watch
Like Be the first to like this
785 views

3 answers

0 votes
Colin Goudie
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 25, 2012

There is a JIRA ticket open for this so VOTE it up!!

https://jira.atlassian.com/browse/JRA-26882

I got this ticket off Shihab after discussing this with him @ Summit

For a client I get around it a little bit doing it this way (By no means perfect)

Set JIRA to low sync time (1-5 minutes)

Modified Crowd so that on User Import (from one directory to another) it runs the code to add new users to the default groups

Setup 2 directories in crowd, 1 delegated and the other a normal LDAP connection that ISN'T used in any applications. You then can manually source the users into the delegated directory by doing the User Import between the 2 directories and the new users get added to the default groups.

When JIRA syncs it gets them.

Not perfect but if done as a procedure daily or whatever then the user accounts are generally ready for any new user to come along and their account is present and in the right groups.

Reply
0 votes
Aiping Zhang
Aiping Zhang June 24, 2012

i'm trying to do the same but not having any luck yet.

Reply
0 votes
meena radhakris
meena radhakrishnan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 8, 2012

I got reply back from Atlassian's support saying that this is the expected behavior.

Is anyone using delegated auth? If you are, any recommendation on how to handle the above?

I would like to see the first time users being able to login to JIRA as a 'jira-users'.

thanks

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events