Problem authenticating Jira with Crowd with custom Authenticator

We would like to use passwordless authentication when authenticating Jira with Crowd. Our project has followed the steps listed here to set up the two applications; the only difference being that we are using our custom authenticator in place of 'com.atlassian.jira.security.login.SSOSeraphAuthenticator'.

While tailing the Crowd logs and accessing JIRA we can see that the custom authenticator is accessing Crowd. The user being passed to Crowd is set up as having access to JIRA inside of Crowd. Crowd reports that it recognizes the user and that the user has access to JIRA. A problem occurs when Crowd tries to update its database and we see the below errors:

Could not synchronize database state with session: org.hibernate.StaleStateException: Batch update returned unexpected row count from update [0]; actual row count: 0; expected: 1

java.sql.BatchUpdateException: Duplicate entry 'XXXXXX' for key 'identifier_hash'

I'm simply paraphrasing the stack trace here; the original stack trace is on a separate system that I can't transfer over and upload.

The username is set in the HTTPRequest by a Tomcat Filter before reaching the custom Authenticator.

The custom authenticator extends 'com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator'

Below is the authenticator code:

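import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.integration.rest.service.factory.RestCrowdHttpAuthenticationFactory;
import com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.auth.LoginReason;

public class CustomCrowdAuthenticator extends CrowdAuthenticator {

    public CustomCrowdAuthenticator() {
        this(RestCrowdHttpAuthenticationFactory.getAuthenticator());
    }

    public CustomCrowdAuthenticator(CrowdHttpAuthenticator crowdHttpAuthenticator) {
        super(crowdHttpAuthenticator);
    }

    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        // Try the standard Crowd authenticator first
        Principal user = super.getUser(request, response);
        if (user == null) {
            // Fall back to passwordless login for the user named in the request
            String username = ...; // get user name out of request
            try {
                passwordlessLogin(request, response, username, true);
                user = getUserFromSession(request);
            } catch (AuthenticatorException e) {
                // log error
            }
        }

        return user;
    }

    private boolean passwordlessLogin(HttpServletRequest request, HttpServletResponse response,
                                      String username, boolean cookie) throws AuthenticatorException {

        boolean authenticated = false;
        try {
            // Drop any existing session state, then ask Crowd to authenticate without a password
            logout(request, response);
            request.setAttribute(LoginReason.REQUEST_ATTR_NAME, null);
            crowdHttpAuthenticator.authenticateWithoutValidatingPassword(request, response, username);
            authenticated = true;
        } catch (Exception e) {
            // log exception
        }

        // Placeholder password handed to the Seraph login; CORRECT_PASSWORD is used only
        // when the Crowd call above succeeded (constants are not shown in the post)
        String fakePassword = authenticated ? CORRECT_PASSWORD : INCORRECT_PASSWORD;

        authenticated = ((DefaultAuthenticator) this).login(request, response, username, fakePassword, cookie);

        return authenticated;
    }
}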


2 answers

It should be noted that we are using Jira version 5.0.2 and Crowd version 2.4.1. I was looking inside both of these and noticed that they both use the following jars:

crowd-integration-client-common

crowd-integration-api

crowd-integration-client-rest

Jira uses version 2.3.6 of these jars, while Crowd uses 2.4.1. Does this pose a problem?

I also noticed the following:

Within Firefox I'm seeing the following cookies added when I attempt to log in to Jira using the custom authenticator:

crowd.token_key

Multiple instances of this cookie are inside of my browser (one login attempt produces 35 different cookies). Is this the token that is supplied to me by Crowd?
