Details
- Bug
- Resolution: Fixed
- Low
- 3.2.0
- None
- None
Description
Seems like a drawback introduced by optimisation FE-4742. When a customer overrides the Crowd cookie name in Crowd and forgets to update the cookie.tokenkey property in FishEye, FishEye would not be able to authenticate the user. This problem is difficult to investigate, as it most likely requires intensive communication with the customer.
Related support issue: https://support.atlassian.com/browse/FSH-12825.
A few proposals to reduce support traffic and improve user experience:
- when CrowdAuth determines the user is not logged in, it could perhaps revert to the old way of retrieving the cookie name from Crowd and ensuring FishEye's configured token name is the same.
- if we are worried the above could generate too much traffic on negative authentications, this check could be throttled to 1 check per hour or so
- when setting up the Crowd server in FishEye, FishEye could retrieve the token name and store it in local properties if different from the default
- FishEye could show the token name in the admin screen so it would be easier to determine if the names are different in Crowd and FishEye
- the token name could be compared on each Crowd synchronisation and a mismatch could be logged as a warning
- or perhaps FishEye could offer a function to check the token name explicitly in the admin section
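
The throttled check from the first two proposals, combined with the logged warning, sketched as an added example (not FishEye or Crowd code). `TokenNameCheck` and the `crowdName` supplier are hypothetical, the supplier standing in for whatever call retrieves the cookie name from Crowd, and the cookie names in `main` are constructed sample values.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import java.util.logging.Logger;

/** Hypothetical helper: on a failed login, compare cookie.tokenkey with Crowd's cookie name, at most once per interval. */
public final class TokenNameCheck {
    private static final Logger LOG = Logger.getLogger(TokenNameCheck.class.getName());
    private final String configuredName;       // value of cookie.tokenkey on the FishEye side
    private final Supplier<String> crowdName;  // assumption: remote lookup of the cookie name set in Crowd
    private final Duration minInterval;        // e.g. one hour, as proposed above
    private final AtomicReference<Instant> lastCheck = new AtomicReference<>();

    public TokenNameCheck(String configuredName, Supplier<String> crowdName, Duration minInterval) {
        this.configuredName = configuredName;
        this.crowdName = crowdName;
        this.minInterval = minInterval;
    }

    /** Returns the name Crowd reports if a check ran and it differs from the configured one. */
    public Optional<String> onNegativeAuth(Instant now) {
        Instant prev = lastCheck.get();
        if (prev != null && now.isBefore(prev.plus(minInterval))) return Optional.empty(); // throttled
        if (!lastCheck.compareAndSet(prev, now)) return Optional.empty(); // another thread took this slot
        String remote;
        try {
            remote = crowdName.get();
        } catch (RuntimeException e) { // Crowd unreachable: a failed check must not break the login path
            LOG.warning("Could not retrieve cookie name from Crowd: " + e.getMessage());
            return Optional.empty();
        }
        if (remote == null || remote.equals(configuredName)) return Optional.empty();
        LOG.warning("Crowd cookie name '" + remote + "' differs from cookie.tokenkey '"
                + configuredName + "'; SSO logins will fail until they match");
        return Optional.of(remote);
    }

    public static void main(String[] args) {
        int[] lookups = {0}; // counts remote calls to show the throttle working
        TokenNameCheck check = new TokenNameCheck("crowd.token_key",
                () -> { lookups[0]++; return "custom.sso.token"; }, Duration.ofHours(1));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timestamps
        System.out.println(check.onNegativeAuth(t0));                   // first failure: check runs
        System.out.println(check.onNegativeAuth(t0.plusSeconds(600)));  // within the hour: skipped
        System.out.println(check.onNegativeAuth(t0.plusSeconds(3600))); // an hour later: runs again
        System.out.println("remote lookups: " + lookups[0]);
    }
}
```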