Details
-
Suggestion
-
Resolution: Answered
-
None
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
The rest calls for the JIRA issues macro are not properly following 302 redirects. When returning from a shibboleth authenticator you are also forwarding shibboleth cookie data. The JIRA issues macro is parse the 302 response which is invalid data. Preferred behavior is to test for the 302 redirect and if it exists redirect the call back to the original REST api call. this will ensure the the proper JSON output
[~]$ openssl s_client -CAfile AddTrustExternalCARoot.crt -connect jira.xxxx.com:443 CONNECTED(00000003) depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root verify return:1 depth=1 /C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA verify return:1 depth=0 /C=US/2.5.4.17=53706/ST=ST/L=City/2.5.4.9=1234 Main Street/O=Organization/OU=Operational Unit/CN=jira.xxxx.com verify return:1 --- Certificate chain 0 s:/C=US/2.5.4.17=53706/ST=ST/L=City/2.5.4.9=1234 Main Street/O=Organization/OU=Operational Unit/CN=jira.xxxx.com i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 2 s:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 3 s:/C=US/2.5.4.17=53706/ST=ST/L=City/2.5.4.9=1234 Main Street/O=Organization/OU=Operational Unit/CN=jira.xxxx.com i:/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA --- Server certificate -----BEGIN CERTIFICATE----- I assure you I am a certificate -----END CERTIFICATE----- subject=/C=US/2.5.4.17=53706/ST=ST/L=City/2.5.4.9=1234 Main Street/O=Organization/OU=Operational Unit/CN=jira.xxxx.com issuer=/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA --- No client certificate CA names sent --- SSL handshake has read 5713 bytes and written 343 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: Session-ID Session-ID-ctx: Master-Key: I assure you I am key Key-Arg : None Krb5 Principal: None Start Time: 1347681912 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET https://jira.xxxx.com/jira/sr/jira.issueviews:searchrequest-rss/12456/SearchRequest-12456.xml?tempMax=1000 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>302 Found</title> </head><body> <h1>Found</h1> <p>The document has moved <a href="https://confluence.xxxx.com/DS/WAYF?entityID=https%3A%2F%2Fjira.xxxx.com%2Fshibboleth&return=https%3A%2F%2Fjira.xxxx.comhttps%3A%2FShibboleth.sso%2FDS%3FSAMLDS%3D1%26target%3Dss%253Amem%253A61c65287d6bd8695b4fb73b7de01681ab016837d">here</a>.</p> </body></html> closed
Improvement Request
The decision not to follow redirects is valid for Confluence, and Atlassian products. However it has an unintended side-effect when used with the Shibboleth Authenticator Plugin, so the behaviour could be improved.
Attachments
Issue Links
- relates to
-
- Closed
- mentioned in
-
Page Loading...