Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-523

The Confluence JIRA Issue macro currently uses the hard coded os_username and os_password properties for authentication, it would be nice to use the authenticated user in the browser.

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      When CWD-314 was implemented we were able to meet the current functionality for JIRA & Confluence integration by having Crowd's JIRA integration (via Seraph) use the credentials present in the URL to be used for that given request; when grabbing RSS feeds from JIRA.

      To take this one step further we should now use the authenticated 'browser user' and not the credentials present in the request to authenticate the user; however we may need to keep backwards compatibility here by allowing both.

      Currently the Confluence jiraissue macro makes its request on the server side to JIRA, this means that Confluence is making the request to JIRA and not the browser, so any credentials present in the browser session are not used by Confluence for the request. We have two options (from what I can see to implement this feature):

      1. Provide a configuration item to the jiraportlet marco to tell it to grab the Crowd authentication token from the users session (cookie) and use that (assuming that we are on the same domain).
      2. Re-write the plugin as an 'ajax-based' macro so the browser makes the request and not Confluence, this would then simply use the currently authenticated Confluence user for the request on JIRA.

            [CWD-523] The Confluence JIRA Issue macro currently uses the hard coded os_username and os_password properties for authentication, it would be nice to use the authenticated user in the browser.

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3389076 ] New: JAC Suggestion Workflow 3 [ 3630908 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1392966 ] New: JAC Suggestion Workflow [ 3389076 ]
            Issue Type Original: Improvement [ 4 ] New: Suggestion [ 10000 ]
            vkharisma made changes -
            Link New: This issue relates to CONFCLOUD-1595 [ CONFCLOUD-1595 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 272877 ] New: Simplified Crowd Development Workflow v2 [ 1392966 ]
            jawong.adm made changes -
            Workflow Original: Feature Request Workflow [ 173964 ] New: Crowd Development Workflow v2 [ 272877 ]
            Justin Koke made changes -
            Workflow Original: jira [ 86909 ] New: Feature Request Workflow [ 173964 ]
            DonnaA made changes -
            Fix Version/s Original: 1.3 - Items to Consider [ 12268 ]
            David O'Flynn [Atlassian] made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Open [ 1 ] New: Resolved [ 5 ]

            Versions of JIRA and Confluence have been released that provide Trusted Application support, allowing secure communication between the applications.

            This issue is therefore moot. If you have concerns or would like additional functionality, as always, please let us know.

            David O'Flynn [Atlassian] added a comment - Versions of JIRA and Confluence have been released that provide Trusted Application support, allowing secure communication between the applications. This issue is therefore moot. If you have concerns or would like additional functionality, as always, please let us know.

            While the PKI method sounds reasonable at the high level, I would like the individual user authentication level to apply to whatever data they are retrieving from the other system.

            While I understand creating PKI for everyone else, how about a more integrated version for those of us who DO have crowd.

            Preston Tollinger added a comment - While the PKI method sounds reasonable at the high level, I would like the individual user authentication level to apply to whatever data they are retrieving from the other system. While I understand creating PKI for everyone else, how about a more integrated version for those of us who DO have crowd.

              justen.stepka@atlassian.com Justen Stepka [Atlassian]
              justin@atlassian.com Justin Koke
              Votes:
              13 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: