Make requests to JIRA from external application (like create or update transition)

I am able to create/update issue transitions with JIRA REST API using Basic Authentication and OAuth. Below are the issues which I am facing: 

Basic Authentication requires JIRA credentials to be sent by external application to make requests/transitions. This approach is not friendly because JIRA API requires username/password and some how external application should be able to pass these credentials.

2. And with OAuth, able to perform actions by using OAuth token, here token is specific to user registration. So here requirement is to know who is performing the action (transitions and updations) and it will be difficult to ask individual users to register their own tokens. Is there a way to identify each user even by sharing a single token, to precise this I will maintain the same user names in JIRA and in my external application database, by identifying the username actions should be registered on the user who sent request rather than the user generated the token. 

Otherwise is there way to create OAuth tokens whenever the external app makes a request to JIRA( like on demand). 

finally my expectation is "External application to make requests to JIRA" with logged-in users and actions should be logged on user who makes a request (like update on transition actions).

Thanks in advance.

 

 

 

 

 

 

 

 

 

 

 

1 answer

0 vote
Alexey Matveev Community Champion Dec 27, 2017

Hello,

Let s move our discusstion here. As I mentioned earlier. You need to use SSO to connect to Jira. 

I personally used Kerberos. You log in to Windows once and then in your external appication you get authentication tickets from the key distributor system. Everything is hidden by the kerberos api which you will use. You do not need provide a username or password.

Hi Alexey Matveev

I don't have any knowledge on kerberos, does it require any Active Directory? my external application built with j_security_check and doesn't have any active directory.

Can you please provide me the document references to implement Kerberos authentication on windows. 

Thank you

Alexey Matveev Community Champion Dec 27, 2017

It requires Active Directory. You can read more here

https://discuss.pivotal.io/hc/en-us/articles/115008269167-How-to-setup-Kerberos-authentication-with-Windows-Active-Directory-in-HDB

I am not aware if Active Directory can be changed to something else.

Also you need to install an add-on on Jira. You were offered Kantega add-on. That is exactly what we used. If you call a rest service using the add-on there is an option in the add-on which you have to check if you want Kerberos authentication using REST API

Thanks a lot,
Is there any alternate solution for us without Active Directory help.

To make SSO does it require Active Directory?

Please don't mind I am very new to SSO implementation.

Alexey Matveev Community Champion Dec 27, 2017

First you have to look at the plugins which are available for Jira. For example, I found this one

https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso.Jira/server/overview

This plugin supports 

  • Business class support for Microsoft ADFS, Azure AD, GSuite
  • Standards based compatiblity with Shibboleth, Onelogin, Ping, Okta, OpenAM, WSO2, NetIQ, Keycloak

Then choose the system you like from the list above. Install the system, install the trial version of the add-on and try to write an external app. 

Also think on how a user will authenticate in the system first. When using Kerberos a user authenticates on login (that is where the user provides the password). The problem is that the user at least once must authenticate with the system. I guess the best way is on logon to the pc. Try to find information if it is possible with the systems.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,327 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot