• Icon: Suggestion Suggestion
    • Resolution: Duplicate
    • 2.0
    • None
    • N/A
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Confluence uses cookies for authentication – well and good. But, I really really find it useful to track wikis using news aggregators via a wiki's RSS feed(s). Did I mention really useful.

      There are plenty of news aggregators out there that can handle http authentication, either in the url or not. My favorite (sharpreader) does, newsgator, etc.

      None that I know of are equiped to use cookies at all. While I think it wouldn't be hard to add something like this (esp. for aggregators that integrate the browser somehow), they have argued that it doesn't make sense for RSS feeds to use cookie authentication. That makes sense – there is no need to remember session/state information with an RSS feed, which is the point of cookies in my understanding.

      Can JIRA be tailored to use HTTP authentication for for the RSS feeds, when those feeds originate from spaces that require authentication? I realize that spaces can be tailored so that non-authenticated users can read them, but we just can't go that way, I'm told.

            [CONFSERVER-593] Use HTTP authentication for RSS feeds

            One problem we have with the os_username... solution is that all our passwords end up in the http logs

            Robert Castaneda[ServiceRocket] added a comment - One problem we have with the os_username... solution is that all our passwords end up in the http logs

            Jason Shao added a comment -

            As a CAS single-signon institution, I know I for one would like hooks to be able to plug-in a proxy-ticket so that a portal or JIRA could transparently authenticate on behalf of a user. Any thoughts on how that might be accomplished?

            Jason Shao added a comment - As a CAS single-signon institution, I know I for one would like hooks to be able to plug-in a proxy-ticket so that a portal or JIRA could transparently authenticate on behalf of a user. Any thoughts on how that might be accomplished?

            jens added a comment -

            Linked it to CONF-593 as duplicate.

            jens added a comment - Linked it to CONF-593 as duplicate.

            We could also clone the way FishEye does this, it's quite neat. They have an authtoken applied to each URL instead of username/password (stored in a table I presume, keyed by username) and then a function to purge all old tokens.

            m

            Mike Cannon-Brookes added a comment - We could also clone the way FishEye does this, it's quite neat. They have an authtoken applied to each URL instead of username/password (stored in a table I presume, keyed by username) and then a function to purge all old tokens. m

            Tim Dawson added a comment -

            this obviously isn't an ideal solution, all the newsreaders out there direct you to HTTP authentication, which our users have tried and given up on, and we've had trouble with internal adoption.

            now that I know this is a possibility, maybe they will start again, but I know at least some will object to putting their password in cleartext in the URL. Seraph should be modified to be able to read and use the basic authentication http header.

            at a minimum, the page displayed by the listrssfeeds action should include this information - as I said we've had trouble getting other projects in our organization to start using Confluence because they didn't think it could be done.

            Tim Dawson added a comment - this obviously isn't an ideal solution, all the newsreaders out there direct you to HTTP authentication, which our users have tried and given up on, and we've had trouble with internal adoption. now that I know this is a possibility, maybe they will start again, but I know at least some will object to putting their password in cleartext in the URL. Seraph should be modified to be able to read and use the basic authentication http header. at a minimum, the page displayed by the listrssfeeds action should include this information - as I said we've had trouble getting other projects in our organization to start using Confluence because they didn't think it could be done.

            EXTERNAL MESSAGE:
            SUBJECT: Re: [JIRA] Commented: (CONF-593) Use HTTP authentication for RSS
            feeds

            Excellent!! Sorry about not making particular sense...

            =================================-=
            Nathaniel Titterton nate@socrates.berkeley.edu
            CITRIS PostDoc 510-643-4685
            275 Hearst Mining U.C. Berkeley, Berkeley, CA 94720

            On Fri, 30 Jan 2004 jira@atlassian.com wrote:

            Nathaniel Titterton added a comment - EXTERNAL MESSAGE: SUBJECT: Re: [JIRA] Commented: ( CONF-593 ) Use HTTP authentication for RSS feeds Excellent!! Sorry about not making particular sense... = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =-= Nathaniel Titterton nate@socrates.berkeley.edu CITRIS PostDoc 510-643-4685 275 Hearst Mining U.C. Berkeley, Berkeley, CA 94720 On Fri, 30 Jan 2004 jira@atlassian.com wrote:

            Nathaniel,

            You can already do this (if I understand you correctly).

            You should be able to append &os_username=username&os_password=password to any URL and it will log you in transparently (gotta love Seraph!). If you do this to the RSS URL in your news aggregator, it will return you the RSS feed as if you were logged in.

            Does that work for you? Or do you need something more?

            Cheers,
            Mike

            Mike Cannon-Brookes added a comment - Nathaniel, You can already do this (if I understand you correctly). You should be able to append &os_username=username&os_password=password to any URL and it will log you in transparently (gotta love Seraph!). If you do this to the RSS URL in your news aggregator, it will return you the RSS feed as if you were logged in. Does that work for you? Or do you need something more? Cheers, Mike

              jens@atlassian.com jens
              3e4b86e43306 Nathaniel Titterton
              Votes:
              3 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: