Crowd / CWD-5582

As an admin, I wish to prevent Atlassian applications from sending SSO tokens in Basic Auth requests

      Description

      Problem Definition

      For example, when a REST API call is made to an Atlassian application (Confluence, Jira, BB), it'll return a token. A user in possession of this token can use it in a browser and access Crowd's applications via the Web UI.

      If I have a central authentication server in my infrastructure (which enables 2FA, for example) that will handle requests made to my applications (Crowd included), then having this SSO token allow UI access due to a REST call will bypass my 2FA auth app, which is not desirable.

            People

            Assignee:
            Unassigned
            Reporter:
            omedeiros@atlassian.com Osimar Medeiros