
Cloud User is logged out of unrelated session after doing a Basic Auth call

      Steps to reproduce:

      Mobile App

      • Log into JIRA Mobile app
      • Do a Basic Auth request from your desktop
      • Go back to JIRA Mobile app

      Expected: You are still logged in to JIRA Mobile app
      Actual: You are logged out (the SSO token is invalid)

      Note that the mobile app only stores the studio.crowd.tokenkey SSO token.

      Web App

      • Log into JIRA Web app
      • Do a Basic Auth request
      • Go back to JIRA Web app 10 mins later

      Expected: You are still logged in to JIRA Web app
      Actual: You are logged out (the SSO token is invalid)

      Note that the JIRA Web app also uses a JIRA-specific JSESSIONID token and IIUC does some caching of the validity of the SSO token.

            [ID-6196] Cloud User is logged out of unrelated session after doing a Basic Auth call

            Michael Andreacchio made changes -
            Workflow Original: reviewflow [ 1405208 ] New: JAC Bug Workflow v3 [ 3257913 ]
            SidneyThePerson (Inactive) made changes -
            Resolution New: Cannot Reproduce [ 5 ]
            Status Original: Open [ 1 ] New: Closed [ 6 ]

            SidneyThePerson (Inactive) added a comment - edited

            Could not reproduce this. I suspect this was an issue pre-Identity Platform when session management was quite different.
            Eric S (Inactive) made changes -
            Component/s New: API authentication [ 48703 ]
            vkharisma made changes -
            Link New: This issue causes JRACLOUD-61293 [ JRACLOUD-61293 ]
            justin (Inactive) made changes -
            Link New: This issue was cloned as ID-6197 [ ID-6197 ]
            Dat Nguyen (Inactive) made changes -
            Remote Link New: This issue links to "MOB-2256 (JDOG - JIRA Team Dogfood)" [ 179616 ]

            Mark Lassau (Inactive) added a comment -

            Here is another test scenario to show the problem using an instance with both JIRA and Confluence.

            1)

            • Log in to JIRA through web client
            • now browse to /wiki

            You are automatically logged in to Confluence too (SSO)

            2)

            • Log in to JIRA through web client
            • Hit a JIRA REST resource with Basic Auth (same username)
            • now browse to /wiki ...

            Expected: You are automatically logged in to Confluence too (SSO) - just like above.
            Actual: Your session has expired
            Mark Lassau (Inactive) made changes -
            Priority Original: Minor [ 4 ] New: Critical [ 2 ]
            Mark Lassau (Inactive) made changes -
            Link New: This issue causes JRA-61293 [ JRA-61293 ]

              Unassigned
              mlassau Mark Lassau (Inactive)
              Affected customers: 0
              Watchers: 4