Details
- Bug
- Resolution: Fixed
- High
- 5.9.8, 6.0.1, 6.0.5, 6.3.4
- 35
- Severity 3 - Minor
- 62
Description
Problem:
When using an external gadget (e.g., JIRA gadget "Pie Chart") in a Confluence page, every user who views the page is prompted to "Login and approve" the gadget in JIRA before they can see the content.
This happens for every user for every gadget, meaning that if I create a Confluence page using Pie Chart, Filter Results, Average Age Chart, and Two-Dimensional Issue Statistics and send it to executives for review, every executive has to "Login and Approve" every gadget. Worse, sometimes the "approval" token doesn't stick, and a user has to go through the process again.
We have tried single sign-on, creating a trusted application link, setting up 2-way oauth with impersonation, and combinations of all of the above, to no avail.
Atlassian support has confirmed there is currently no way to bypass or automate the approval.
This is unacceptable for our 10,000 user base and makes our Confluence look unprofessional.
Please allow 2-way oauth with impersonation to automatically approve external gadgets.
Note: We never experienced this problem on Confluence 5.6. We cannot roll-back our upgrade, but we are severely regretting it.
Steps to Reproduce:
- Integrate JIRA with Confluence through Application link.
- On the create application link wizard, check the same user base option and make sure the user used for the integration exists on Confluence.
- After that, an application link with OAuth (Impersonation) will be created.
- On JIRA Dashboard, add a new gadget to find JIRA Gadget XML e.g. Filter Result Gadget.
- Copy the XML link and navigate to Confluence General Configuration > External Gadgets.
- Add the gadget by using the XML link.
- Create a new Confluence page and add a gadget by using "Other Macros"
- Choose the newly added JIRA "Filter Results" gadget.
Expected Result:
- Just like JIRA Issue Macro, the filter will be researchable or issues for JIRA Issue Macro.
Actual Result:
- "Login & Approve" will come out and the user needs to authenticate to retrieve filters in JIRA.
Note:
Referring to the documentation Oauth Security for Applinks, that using impersonation would not be needed for the user to authenticate as long as the user is not redirected to the linked information:
they're automatically authenticated on the other application and don't get asked to authorize requests.
Issue Links
- is related to
  - CONFSERVER-52397 Team Calendar doesn't display Oauth prompt for JIRA Events (Closed)
  - CONFSERVER-52843 Application Link - Oauth impersonation doesn't work as expected (Gathering Impact)
- relates to
  - CONFSERVER-46497 Label Gadget from JIRA is not working in Confluence (Closed)
  - JRASERVER-64141 Documentation request: OAuth access doesn't expire (Closed)
  - JRASERVER-65571 JIRA gadget did not use the Oauth impersonation protocol (Gathering Impact)
  - PSR-142