SSO Enabled JIRA attach screenshot no longer working...

JDeLong November 19, 2012

Not sure if anyone else has run into this...but I have enabled SSO via SPNEGO/custom authenticator and it turns out the attach screenshot is causing the client side JRE to prompt for username/pass. If you dismiss the popup it just dumps you back to the issue and this shows in Tomcat logs...

Nov 19, 2012 5:00:56 PM net.sourceforge.spnego.SpnegoAuthenticator doBasicAuth
INFO: Username is required.: Login failed. username=; password.hashCode()=0

Any thoughts on how to get around this from others that might have SSO enabled with this method? Can't figure out if I need to focus on the client side or server side...the directory where the attachments are stored has write privs for all JIRA users, there seem to (so far) be no other issues with being prompted once inside the app.

3 answers

0 votes
Higashi
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 27, 2012

We have the same problem, but with CAS as a SSO. I'll let you know when I get to the issue.

JDeLong November 27, 2012

Thank you...would be great to get feedback from others with the same issue. Seems our usergroup is OK with simply entering their credentials for this piece but I would LOVE to see it resolved :)

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 19, 2012

Apologies, I am not sure what the exact problem is with the specific authenticator you are using. If by any change what you are trying to achieve is an auto-logon from Windows workstations using credentials of the user who is logged into domain you may want to look at our NTLM Authenticator for Jira and Confluence based on IOPlex Jespa which we distributed since 2008 for a very reasonable price of NZ$150 (+ Jespa license fees).

The reason I am metioning it here: 1) the trial is free 2) we haven't had any reports from the customers regarding issues with the attached files. Having said that if you do try and in your specific case there is a problem - I want to hear about it to improve our authenticator. While doing that we maybe able to suggest a solution for your original problem.

JDeLong November 20, 2012

At this point we have everything working BUT the attach screenshot applet, so I would prefer to try and find a fix. Seems to me that SPNEGO with Tomcat is well known enough that someone here must be using it with success. Thank you for you input.

0 votes
Yilin
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 19, 2012

I think the problem is that your SSO system is filtering the session ID including in the HTTP header, which makes that JIRA consider the user is not authenticated. Suggest to take a have look in your SSO setting whether it is possible to forward the session ID in the HTTP request.

JDeLong November 19, 2012

After making a few attempts at including session IDs in the HTTP header with no luck, coming close to being out of ideas. Seems the server side filter is including all .jsp/jspa which should cover this applet, yet it still does not work. Any chance there is a client side fix for this...whether in the browser OR java run time? Thanks in advance...

Suggest an answer

Log in or Sign up to answer