Unable to establish an application link between Jira and Fisheye when they are in different domains


    • Minor

      Issue Summary

      This happens once Fisheye/Crucible is upgraded to version 4.8.15. That version implements a stricter cookie policy (see FE-7515).

      When Jira and Fisheye/Crucible are located on servers in different domains, configuration of the application link between them cannot be completed.

      For an already established link, following links from the Jira dev panel to Fisheye redirects to the login screen. 

      Steps to Reproduce

      0. Ensure you are logged in to both Fisheye and Jira Cloud
      1. Go to Repositories admin
      2. Select wheel icon | Application Links
      3. Select Add Link | Jira - proddev (Jira)
      4. On Authorization required popup, select Authorize
      5. On Welcome to Jira redirect page, select Allow

      The result is the following error page:

      "Authentication failed! You have to be logged in to complete OAuth authentication. This may occur as a result if you have actually logged out or the session has expired."

      Expected Results

      Jira to Fisheye application link setup should be completed after redirects.

      Actual Results

      Jira to Fisheye application link cannot be created.

      Workaround

      1. SSH to the Fisheye instance
      2. Open file $FISHEYE_HOME/content/WEB-INF/web.xml
      3. Replace

      __SAME_SITE_STRICT__

      with

      __SAME_SITE_LAX__

      in the cookie config:

              <cookie-config>
                  <name>FESESSIONID</name>
                  <http-only>true</http-only>
                  <comment>__SAME_SITE_LAX__</comment>
              </cookie-config>
      

      4. Restart Fisheye.

      5. Apply a Byteman script:

      # $1 is the servlet request and $2 the cookie value.
      # Cookie has no single-argument constructor, so the value is passed when the cookie is created.
      RULE newRememberMeHttpCookieLax
      CLASS com.cenqua.fisheye.user.DefaultUserManager
      METHOD newRememberMeHttpCookie
      AT ENTRY
      BIND
       ctxPath:java.lang.String = $1.getContextPath().length() == 0 ? "/" : $1.getContextPath();
       c:javax.servlet.http.Cookie = new javax.servlet.http.Cookie("remember", $2);
      IF TRUE
      DO
       c.setValue($2);
       c.setHttpOnly(true);
       c.setComment("__SAME_SITE_LAX__");
       c.setSecure($1.isSecure());
       c.setPath(ctxPath);
       return c;
      ENDRULE
      

      To enable Byteman, refer to "Enable Byteman for additional logging in Fisheye and Crucible".
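
      Why the strict policy breaks the return from Jira while the lax one restores it, as an added example that is not Fisheye or browser code. It is a simplified model of the browser's SameSite check; the host names are constructed, the return to Fisheye is assumed to be a top-level GET, and "site" is approximated as the last two labels of the host name.

```python
# Added example (not Fisheye or browser source): a simplified model of the
# SameSite check a browser applies before attaching a cookie to a request.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def site_of(host):
    """Assumption: the site is the last two labels of the host name.
    Real browsers use the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def cookie_is_sent(policy, initiator, target, method="GET", top_level=True):
    """Return True if a cookie set by `target` with the given SameSite policy
    accompanies a request to `target` that was started from `initiator`."""
    policy = policy.capitalize()
    if policy not in ("Strict", "Lax", "None"):
        raise ValueError("unknown SameSite policy: " + policy)
    if policy == "None" or site_of(initiator) == site_of(target):
        return True
    if policy == "Strict":
        return False  # never sent on a cross-site request
    # Lax: only cross-site top-level navigations with a safe method
    return top_level and method.upper() in SAFE_METHODS


# Constructed host names; the page does not give the real ones.
JIRA = "jira.example.net"
FISHEYE = "fisheye.example.com"


def session_survives_return(policy, jira=JIRA, fisheye=FISHEYE):
    """Assumed flow: after "Allow", Jira sends the browser back to Fisheye
    (the dev panel links work the same way) as a top-level GET from Jira."""
    return cookie_is_sent(policy, jira, fisheye, "GET", top_level=True)


if __name__ == "__main__":
    for policy in ("Strict", "Lax"):
        print(policy, "-> FESESSIONID sent on return from Jira:",
              session_survives_return(policy))
    print("Lax, cross-site POST:",
          cookie_is_sent("Lax", JIRA, FISHEYE, "POST"))
    print("Strict, both hosts under example.com:",
          session_survives_return("Strict", "jira.example.com"))
```

      With the lax policy the session cookie is still withheld from cross-site POST requests, so the workaround relaxes the policy only for top-level navigations.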

      References

      See the similar issue FE-7538, related to session cookies and the application server's context path.

            Assignee:
            Bohdan Hravchenko (Inactive)
            Reporter:
            Bohdan Hravchenko (Inactive)
            Votes:
            0
            Watchers:
            8


                Original Estimate: Not Specified
                Remaining Estimate: Not Specified
                Time Spent: 0.1h