Stash Single Sign-on Plugin

At my company we have a custom Jira plugin based on Seraph. I'd like to use the same plugin or a variation of it, with Stash. Is that possible or can Seraph only be used with Jira or Confluence?

If the Seraph approach can't work with Stash is there any other options for a custom SSO plugin?

4 answers

0 vote

Hi Dan,

Stash does not use Seraph (it uses Spring Security instead), so you can't use the same plugin for Stash. I am currently working on a new plugin point for Stash to allow you to hook into Stash's authentication without having to modify any of core Stash. This will allow you to implement your SSO integration as a plugin.

I'd be interested in your requirements to ensure that the plugin point provides all the necessary hooks. Feel free to email me directly at mheemskerk [at]



Thanks Michael, I'm planning to contact you to discuss the details of the plugin approach but wanted to talk to the person in my company that wrote our Jira plugin first and I haven't had a chance to do that yet.

In the mean time, I've been assuming I could use an SSO approach via Apache. For our internal Fisheye instance we use an Apache web-agent (OpenSSO) via the ajp13 bind setting. For Stash I don't see any reference to ajp13 in the admin interface. Does that mean the Apache web-agent opensso approach won't work either?

In our case we implemented a Stash authentication plugin that takes the REMOTE_USER (set by our SSO system) variable via AJP (JkEnv) and a request property. Is such a common scenario that I am a bit surprised that it is not provided out of the box by Stash.

We had to do the same for JIRA, Confluence and Bamboo with Seraph, but in this case is less convenient, because you can not do it as a plugin AFAIK and have to change the seraph config file.


We are in the process of setting up Stash in our SSO environment as well. I've written a SSO plugin for Jira as well and it integrated nicely with Jira and the Seraph configs. Were you able to do something similar with Stash? It sounds like you were able to send an authenticated user value of some sort to Stash to effect a login. It this the case?


Thanks for that Daniel,

I'll look into adding builtin support for container-provided authentication, which is what your SSO integration is doing.

@Evan, could be a starting point for your plugin, all you'd need to do is get the username from request.getRemoteUser() and use that to pre-authenticate.


On the topic of container-provided authentication: I am in an Active Directory environment. I developed a JSR-196 compliant module that runs in our glassfish container to do Kerberos SSO (with an ldap fallback and pre-emptive BASIC support) for our internally developed java apps. I currently use LDAP in our atlassian products. If Stash (or other atlassian apps) could support container-managed authentication, we could use our module to authenticate. I just thought I'd throw this use case out there in case you are considering something similar to this.

I've created to track adding support for container-managed authentication to Stash.

Thanks Michael, that would be a very welcome feature. Could you please post here the relevant JIRA issue when/if it gets created? Any chance of convincing the JIRA/Confluence guys to do the same ;-) ?

Evan, yes we managed to do it for Stash alright. Our code is very similar to the example linked by Michael but with the addition of:

- Automatic logout if the current cached user was authenticated from SSO and the SSO credential disappears.

- Skipping any further processing if the current user and the one in SSO are already the same


Hi Daniel Varela Santoalla & Michael Heemskerk [Atlassian]

How to Implemet SSO with Apache and how to configure Apache request.

Suggest an answer

Log in or Join to answer
Community showcase
Jason Wong
Published Tuesday in Agility Beta

Welcome to agility

Every team in the world is unique, and so   Atlassian believes   that each and every team's best way of working  needs to  be molded to their unique circumstances  – ...

430 views 6 16
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot