Problem authenticating Jira with Crowd with custom Authenticator

Rob Gordon September 4, 2012

We would like to use passwordless authentication when authenticating Jira with Crowd. Our project has followed the steps listed here to set up the two applications, the only difference being that we are using our custom authenticator in place of 'com.atlassian.jira.security.login.SSOSeraphAuthenticator'.

While tailing the Crowd logs and accessing JIRA we can see that the custom authenticator is accessing Crowd. The user being passed to Crowd is set up as having access to JIRA inside of Crowd. Crowd reports that it recognizes the user and that the user has access to JIRA. A problem occurs when Crowd tries to update its database and we see the below errors:

Could not synchronize database state with session: org.hibernate.StaleStateException: Batch update returned unexpected row count from update [0]; actual row count: 0; expected: 1

java.sql.BatchUpdateException: Duplicate entry 'XXXXXX' for key 'identifier_hash'

I'm simply paraphrasing the stack trace here; the original stack trace is on a separate system that I can't transfer over and upload.

The username is set in the HTTPRequest by a Tomcat Filter before reaching the custom Authenticator.

The custom authenticator extends 'com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator'

Below is the authenticator code:

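import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.atlassian.crowd.integration.http.CrowdHttpAuthenticator;
import com.atlassian.crowd.integration.rest.service.factory.RestCrowdHttpAuthenticationFactory;
import com.atlassian.crowd.integration.seraph.v25.CrowdAuthenticator;
import com.atlassian.seraph.auth.AuthenticatorException;
import com.atlassian.seraph.auth.DefaultAuthenticator;
import com.atlassian.seraph.auth.LoginReason;

public class CustomCrowdAuthenticator extends CrowdAuthenticator {

    public CustomCrowdAuthenticator() {
        this(RestCrowdHttpAuthenticationFactory.getAuthenticator());
    }

    public CustomCrowdAuthenticator(CrowdHttpAuthenticator crowdHttpAuthenticator) {
        super(crowdHttpAuthenticator);
    }

    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        // Try the standard Crowd lookup first
        Principal user = super.getUser(request, response);
        if (user == null) {
            String username = //get user name out of request
            try {
                // No user found: fall back to passwordless login for the supplied username
                passwordlessLogin(request, response, username, true);
                user = getUserFromSession(request);
            } catch (AuthenticatorException e) {
                //log error
            }
        }

        return user;
    }

    private boolean passwordlessLogin(HttpServletRequest request, HttpServletResponse response, String username, boolean cookie) throws AuthenticatorException {

        boolean authenticated = false;
        try {
            // Clear any existing login state, then authenticate against Crowd without a password
            logout(request, response);
            request.setAttribute(LoginReason.REQUEST_ATTR_NAME, null);
            crowdHttpAuthenticator.authenticateWithoutValidatingPassword(request, response, username);
            authenticated = true;
        } catch (Exception e) {
            //log exception
        }

        // Pick the placeholder password according to the Crowd result
        String fakePassword = authenticated ? CORRECT_PASSWORD : INCORRECT_PASSWORD;

        // Complete the login through DefaultAuthenticator with the placeholder password
        authenticated = ((DefaultAuthenticator) this).login(request, response, username, fakePassword, cookie);

        return authenticated;
    }
}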


2 answers

0 votes
Rob Gordon September 4, 2012

I also noticed the following:

Within Firefox I'm seeing the following cookies added when I attempt to log in to Jira using the custom authenticator:

crowd.token_key

Multiple instances of this cookie are inside of my browser (one login attempt produces 35 different cookies). Is this the token that is supplied to me by Crowd?

0 votes
Rob Gordon September 4, 2012

It should be noted that we are using Jira version 5.0.2 and Crowd version 2.4.1. I was looking inside both of these and noticed that they both use the following jars:

crowd-integration-client-common

crowd-integration-api

crowd-integration-client-rest

Jira uses version 2.3.6 of these jars, while Crowd uses 2.4.1. Does this pose a problem?
