-
Suggestion
-
Resolution: Fixed
-
None
-
None
-
FishEye and/or Crucible, All Versions, All JDKs
-
5
-
Please provide a way to enable SSL, at least for the FishEye/Crucible login page.
Thank you.
- relates to
-
- Closed
[FE-212] Provide SSL Support
Jay Compton
added a comment - Another vote for full SSL support. 
Matt Block
added a comment - I would also really like to see this feature. Not being able to truly support SSL is causing problems. I had an Apache proxy which was providing SSL, but then crowd SSO wasn't working and I have a feeling it's due to the fact that the embedded webserver isn't using SSL and my CROWD cookies are all using the secure attribute. It would be GREAT if it used tomcat so the configuration was consistent with the rest of the Atlassian tools. I have JIRA/Confluence down to a science now. Is there not ANY way this can be done? What embedded browser is it using? Maybe someone in the community can figure it out.
Matt Block
added a comment - I would also really like to see this feature. Not being able to truly support SSL is causing problems. I had an Apache proxy which was providing SSL, but then crowd SSO wasn't working and I have a feeling it's due to the fact that the embedded webserver isn't using SSL and my CROWD cookies are all using the secure attribute. It would be GREAT if it used tomcat so the configuration was consistent with the rest of the Atlassian tools. I have JIRA/Confluence down to a science now. Is there not ANY way this can be done? What embedded browser is it using? Maybe someone in the community can figure it out. 
Dmitriy V. Kazimirov (OLD account - account system is stupid)
added a comment - Hi,
Please make at least Crowd (and better Crowd/JIRA too,at least old Confluence was good at this) works correctly with apache as reverse ssl proxy or at least publish manual how to setup SSL using their embedded Tomcat's?(or using WAR versions of them)
For example when I tried to setup 'apache-as-reverse-proxy-for-ssl'(each tool on separate IP,with names like jira.domain.com,id.domain.com(crowd),wiki.domain.com
but basically 'Dragon's quest' configuration) mode for our use,here are some of issues I found:
- Crowd - ProxyPreserveHost has to be set off or Crow will redirects to non-ssl mode. and without it - SSO hasn't any chance to work(Crowd says about invalid domain 127.0.0.1 in logs)
- JIRA - problem with gadgets (for example https://support.atlassian.com/browse/JSP-46113) which make ProxyPreserveHost required option and http://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL doesn't describe how to work out situation with 'dual-proxy setup' where you arleady have certificate and key for apache (it is not possible to use JDK standard tools to import them in Tomcat's store).
Even after that - it doesn't fully work. Looks like communication with Crowd over https works sometimes
Dmitriy V. Kazimirov (OLD account - account system is stupid)
added a comment - Hi,
Please make at least Crowd (and better Crowd/JIRA too,at least old Confluence was good at this) works correctly with apache as reverse ssl proxy or at least publish manual how to setup SSL using their embedded Tomcat's?(or using WAR versions of them)
For example when I tried to setup 'apache-as-reverse-proxy-for-ssl'(each tool on separate IP,with names like jira.domain.com,id.domain.com(crowd),wiki.domain.com
but basically 'Dragon's quest' configuration) mode for our use,here are some of issues I found:
Crowd - ProxyPreserveHost has to be set off or Crow will redirects to non-ssl mode. and without it - SSO hasn't any chance to work(Crowd says about invalid domain 127.0.0.1 in logs)
JIRA - problem with gadgets (for example https://support.atlassian.com/browse/JSP-46113 ) which make ProxyPreserveHost required option and http://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL doesn't describe how to work out situation with 'dual-proxy setup' where you arleady have certificate and key for apache (it is not possible to use JDK standard tools to import them in Tomcat's store).
Even after that - it doesn't fully work. Looks like communication with Crowd over https works sometimes
Brendan Lawlor
added a comment - I strongly support this ticket. In my case, we want to integrate with Active Directory but can't allow unencrypted passing of Windows credentials to FE. By adding this feature you'll unlock the AD integration for us, and I imagine a lot of security-conscious FE users.
Brendan Lawlor
added a comment - I strongly support this ticket. In my case, we want to integrate with Active Directory but can't allow unencrypted passing of Windows credentials to FE. By adding this feature you'll unlock the AD integration for us, and I imagine a lot of security-conscious FE users. We'll look into this, David. In the meantime, you can put FishEye behind Apache and use Apache's SSL/https support.
See http://confluence.atlassian.com/display/FISHEYE/FishEye+SSL+Configuration