Make requests to JIRA from external application (like create or update transition)

Harinath T December 27, 2017

I am able to create/update issue transitions with JIRA REST API using Basic Authentication and OAuth. Below are the issues which I am facing: 

1. Basic Authentication requires JIRA credentials to be sent by the external application to make requests/transitions. This approach is not friendly because the JIRA API requires a username/password and somehow the external application should be able to pass these credentials.

2. With OAuth, I am able to perform actions by using an OAuth token, but the token is specific to the user registration. The requirement is to know who is performing the action (transitions and updates), and it will be difficult to ask individual users to register their own tokens. Is there a way to identify each user even when sharing a single token? To be precise, I will maintain the same usernames in JIRA and in my external application's database, and by identifying the username, actions should be registered to the user who sent the request rather than the user who generated the token.

Otherwise, is there a way to create OAuth tokens whenever the external app makes a request to JIRA (like on demand)?

Finally, my expectation is "External application to make requests to JIRA" with logged-in users, and actions should be logged on the user who makes a request (like update on transition actions).

Thanks in advance.

1 answer

0 votes
Alexey Matveev
Rising Star
December 27, 2017

Hello,

Let's move our discussion here. As I mentioned earlier, you need to use SSO to connect to Jira.

I personally used Kerberos. You log in to Windows once and then in your external application you get authentication tickets from the key distributor system. Everything is hidden by the Kerberos API which you will use. You do not need to provide a username or password.

Harinath T December 27, 2017

Hi Alexey Matveev

I don't have any knowledge of Kerberos. Does it require Active Directory? My external application is built with j_security_check and doesn't have any Active Directory.

Can you please provide me with document references for implementing Kerberos authentication on Windows?

Thank you

Alexey Matveev
December 27, 2017

It requires Active Directory. You can read more here:

https://discuss.pivotal.io/hc/en-us/articles/115008269167-How-to-setup-Kerberos-authentication-with-Windows-Active-Directory-in-HDB

I am not aware if Active Directory can be changed to something else.

Also, you need to install an add-on on Jira. You were offered the Kantega add-on. That is exactly what we used. If you call a REST service using the add-on, there is an option in the add-on which you have to check if you want Kerberos authentication using the REST API.

Harinath T December 27, 2017

Thanks a lot.
Is there any alternate solution for us without the help of Active Directory?

To make SSO, does it require Active Directory?

Please don't mind, I am very new to SSO implementation.

Alexey Matveev
December 27, 2017

First you have to look at the plugins which are available for Jira. For example, I found this one:

https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso.Jira/server/overview

This plugin supports:

  • Business class support for Microsoft ADFS, Azure AD, GSuite
  • Standards based compatibility with Shibboleth, Onelogin, Ping, Okta, OpenAM, WSO2, NetIQ, Keycloak

Then choose the system you like from the list above. Install the system, install the trial version of the add-on and try to write an external app.

Also think about how a user will authenticate in the system first. When using Kerberos, a user authenticates on login (that is where the user provides the password). The problem is that the user must authenticate with the system at least once. I guess the best way is on logon to the PC. Try to find information on whether it is possible with the systems.
