JRASERVER-25470

REST auth method does not supply enough data to authenticate to SSO-connected instances

Details

    • Bug
    • Resolution: Timed out
    • Medium
    • None
    • 4.3, 4.4
    • REST API
    • JIRA 4.4 in Studio August release

    • 4.03
    • Severity 2 - Major
    • Atlassian Update – 04 December 2017

      Hi everyone,

      We have recently reviewed this issue and the overall interest in the problem. As the issue hasn't collected votes, watchers, comments, or support cases from many customers during its lifetime, it's very low on our priority list, and will not be fixed in the foreseeable future. That's why we've decided to resolve it as Time Out.

      Although we're aware the issue is still important to those of you who were involved in the conversations around it, we want to be clear in managing your expectations. The Jira team is focusing on issues that have broad impact and high value, reflected by the number of comments, votes, support cases, and customers interested. Please consult the Atlassian Bugfix Policy for more details.

      We understand how disappointing this decision may be, but we hope you'll appreciate our transparent approach and communication.

      Atlassian will continue to watch this issue for further updates, so please feel free to share your thoughts in the comments.

      Thank you,
      Ignat Alexeyenko
      Jira Bugmaster


    Description

      When logging in via REST (as per http://confluence.atlassian.com/display/JIRADEV/JIRA+REST+API+%28Alpha%29+Tutorial#JIRARESTAPI%28Alpha%29Tutorial-UserAuthentication), clients call the http://hostname/rest/auth/ resource. They then take the JSESSIONID from the response body and use it for authentication on subsequent calls.

      However, when authenticating to a JIRA instance that is using Crowd SSO (e.g. JIRA inside Studio), JSESSIONID is not enough - they also need to have the Crowd token in order to correctly authenticate. This means that a REST client tested against a normal JIRA instance will fail against SSO-enabled instances.

      I think we should either modify the auth method to return SSO cookies as well, or remove the JSESSIONID from the body and force clients to pick up all cookies from the header.
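
      The second option in the description, a client that picks up every cookie from the login response headers instead of only the session value in the body, as an added example (not part of the original issue and not Atlassian code). The JSON body shape and the `crowd.token_key` cookie name are assumptions, and the sample response is constructed.

```python
import json
from http.cookies import SimpleCookie

# Constructed sample of a login response from an SSO-connected instance.
# Assumptions: the body shape and the "crowd.token_key" cookie name.
SAMPLE_HEADERS = [
    ("Content-Type", "application/json"),
    ("Set-Cookie", "JSESSIONID=0123456789ABCDEF; Path=/; HttpOnly"),
    ("Set-Cookie", "crowd.token_key=constructed-sso-token; Path=/; HttpOnly"),
]
SAMPLE_BODY = json.dumps(
    {"session": {"name": "JSESSIONID", "value": "0123456789ABCDEF"}}
)


def cookies_from_body(body):
    """Body-only approach from the issue: yields just the session cookie."""
    session = json.loads(body)["session"]
    return {session["name"]: session["value"]}


def cookies_from_headers(headers):
    """Collect every cookie the server set, whatever its name."""
    jar = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parsed = SimpleCookie()
        parsed.load(value)  # attributes such as Path/HttpOnly are not keys
        for key, morsel in parsed.items():
            jar[key] = morsel.value
    return jar


def cookie_header(jar):
    """Build the Cookie request header for subsequent REST calls."""
    return "; ".join(f"{k}={v}" for k, v in jar.items())


def missing_from_body(headers, body):
    """Cookies the server set that a body-only client would never send."""
    return sorted(set(cookies_from_headers(headers)) - set(cookies_from_body(body)))


if __name__ == "__main__":
    print("body-only client sends:", cookie_header(cookies_from_body(SAMPLE_BODY)))
    print("header-based client sends:", cookie_header(cookies_from_headers(SAMPLE_HEADERS)))
    print("dropped by body-only client:", missing_from_body(SAMPLE_HEADERS, SAMPLE_BODY))
```

      Running `missing_from_body` against a test instance's login response is a quick check for whether a body-only client will break once SSO is enabled.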

          People

            Unassigned
            pwyatt Penny Wyatt (On Leave to July 2021)
            Votes: 1
            Watchers: 8
