Loading...

XML

Word

Printable

Type: Bug
Resolution: Low Engagement
Priority: Low
Fix Version/s: None
Affects Version/s: 3.3.3, 4.2.2
Component/s: Authentication / Security
Labels:
- cleanup-seos-fy25

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
1
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

CrowdAuthenticationProvider's supports() method rejects any authenticationTokens which have a non-null description. It should accept authenticationTokens that have a description (particularly UsernamePasswordAuthenticationTokens, else Username/Password authentication is never accepted by the CrowdAuthenticationProvider).

Steps to Reproduce

When debugging the auth process, inside the following method the authenticationToken.getDetails() doesn't return null, so it throws a false, which in turn causes the authenticate call to return null.

public boolean supports(AbstractAuthenticationToken authenticationToken) {
    return authenticationToken.getDetails() == null || authenticationToken.getDetails() instanceof CrowdSSOAuthenticationDetails;
}

public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!this.supports(authentication.getClass())) {
        return null;
    } else if (!this.supports((AbstractAuthenticationToken)authentication)) {
        return null;
    } else {
        Authentication authenticatedToken = null;
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            logger.debug("Processing a UsernamePasswordAuthenticationToken");
            authenticatedToken = this.authenticateUsernamePassword((UsernamePasswordAuthenticationToken)authentication);
        } else if (authentication instanceof CrowdSSOAuthenticationToken) {
            logger.debug("Processing a CrowdSSOAuthenticationToken");
            authenticatedToken = this.authenticateCrowdSSO((CrowdSSOAuthenticationToken)authentication);
        }

        return authenticatedToken;
    }
}

As a result the UI displays the following:

No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Expected Results

CrowdAuthenticationProvider should accept UsernamePasswordAuthenticationTokens

Actual Results

CrowdAuthenticationProvider does not accept UsernamePasswordAuthenticationTokens

Workaround

Users have been able to resolve the issue by replacing the implementation with authenticationToken.getDetails() != null, which is covered in the following Community post:

Integrating Atlassian Crowd with Spring Boot 2.1.7 via Spring Security - Issues

Assignee:: Unassigned

Reporter:: Manny (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 26/Jan/2021 5:06 PM

Updated:: 09/Apr/2025 5:25 PM

Resolved:: 09/Apr/2025 5:25 PM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Forms

Activity

People

Dates