Details
- Suggestion
- Resolution: Unresolved
Description
Problem Definition
For example, when a REST API call is made to an Atlassian application (Confluence, Jira, BB), it'll return a token. In possession of this token, a user can use it in a browser and access Crowd's applications via the Web UI.
If I have a central authentication server in my infrastructure (which enables 2FA, for example) that will handle requests made to my applications (Crowd included), then having this SSO token allowing UI access due to a REST call will bypass my 2FA auth app, which is not desirable.