Uploaded image for project: 'Jira Service Management Cloud'
  1. Jira Service Management Cloud
  2. JSDCLOUD-1025

Service Desk login does NOT respect use of custom Seraph Authenticator

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      NOTE: This suggestion is for JIRA Service Desk Cloud. Using JIRA Service Desk Server? See the corresponding suggestion.

      We use a custom Seraph authenticator / Seraph config to authenticate users against an external Single Sign On process to log in to our JIRA instance.

      Standard pages within JIRA (e.g., browsing to a specific issue) correctly respect the Seraph config and redirect unauthenticated users according to the Seraph login.url1 parameter.

      Service Desk does not respect this parameter, and instead, prompts unauthenticated users to log in via it's own custom login page (e.g., <server>/servicedesk/customer/portal/1/user/login).

      This is problematic for us. Our users who land on the Service Desk provided login page are stuck; their accounts in JIRA do not have passwords set up, so they can never successfully login on this page.


      Steps to reproduce expected behavior:

      1. Configure JIRA to use a seraph-config.xml Seraph configuration that includes a value for the login.url parameter.
      2. Be logged OUT of JIRA.
      3. Browse to a secure page not provided by Service Desk, e.g., <server>/browse/DESK-2.
      4. Notice that JIRA redirects you to the login page provided in the Seraph configuration

      Steps to reproduce wrong behavior:

      1. Configure JIRA to use a seraph-config.xml Seraph configuration that includes a value for the login.url parameter.
      2. Be logged OUT of JIRA.
      3. Browse to a secure page provided by Service Desk, e.g., <server>/servicedesk/customer/portal/1/DESK-2.
      4. Notice that JIRA does not redirect you to the login page provided in the Seraph configuration


      Attached, please find three screenshots:

      • A snippet of our seraph-config.xml file
      • Network activity when starting un-authenticated, going to a "standard" JIRA page, and having JIRA redirect the user according to the Seraph configuration
      • Network activity when starting un-authenticated, going to a Service Desk provided page, and having JIRA (wrongly) redirect the user – not to the Seraph specified location – but to a custom Service Desk login page

            [JSDCLOUD-1025] Service Desk login does NOT respect use of custom Seraph Authenticator

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3443913 ] New: JAC Suggestion Workflow 3 [ 3695107 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: JSD Suggestion Workflow - TEMP [ 2319645 ] New: JAC Suggestion Workflow [ 3443913 ]
            Status Original: Closed [ 6 ] New: Resolved [ 5 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Suggestion Workflow [ 2051822 ] New: JSD Suggestion Workflow - TEMP [ 2319645 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Suggestion Workflow - TEMP [ 2047098 ] New: JSD Suggestion Workflow [ 2051822 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Suggestion Workflow [ 1872176 ] New: JSD Suggestion Workflow - TEMP [ 2047098 ]
            jonah (Inactive) made changes -
            Description Original: We use a custom Seraph authenticator / Seraph config to authenticate users against an external Single Sign On process to log in to our JIRA instance.

            Standard pages within JIRA (e.g., browsing to a specific issue) correctly respect the Seraph config and redirect unauthenticated users according to the Seraph {{login.url}}[^1^|https://docs.atlassian.com/atlassian-seraph/latest/configuration.html|] parameter.

            Service Desk does _not_ respect this parameter, and instead, prompts unauthenticated users to log in via it's own custom login page (e.g., {{<server>/servicedesk/customer/portal/1/user/login}}).

            This is problematic for us. Our users who land on the Service Desk provided login page are stuck; their accounts in JIRA do not have passwords set up, so they can never successfully login on this page.\\
            \\
            \\
            Steps to reproduce *expected* behavior:

            1. Configure JIRA to use a {{seraph-config.xml}} Seraph configuration that includes a value for the {{login.url}} parameter.
            2. Be logged OUT of JIRA.
            3. Browse to a secure page _not_ provided by Service Desk, e.g., {{<server>/browse/DESK-2.}}
            4. Notice that JIRA redirects you to the login page provided in the Seraph configuration


            Steps to reproduce *wrong* behavior:

            1. Configure JIRA to use a {{seraph-config.xml}} Seraph configuration that includes a value for the {{login.url}} parameter.
            2. Be logged OUT of JIRA.
            3. Browse to a secure page _provided by_ Service Desk, e.g., {{<server>/servicedesk/customer/portal/1/DESK-2}}.
            4. Notice that JIRA does _not_ redirect you to the login page provided in the Seraph configuration\\
            \\
            \\
            Attached, please find three screenshots:
            - A snippet of our {{seraph-config.xml}} file
            - Network activity when starting un-authenticated, going to a "standard" JIRA page, and having JIRA redirect the user according to the Seraph configuration
            - Network activity when starting un-authenticated, going to a Service Desk provided page, and having JIRA (wrongly) redirect the user -- not to the Seraph specified location -- but to a custom Service Desk login page
            New: {panel:bgColor=#e7f4fa}
              *NOTE:* This suggestion is for *JIRA Service Desk Cloud*. Using *JIRA Service Desk Server*? [See the corresponding suggestion|http://jira.atlassian.com/browse/JSDSERVER-1025].
              {panel}

            We use a custom Seraph authenticator / Seraph config to authenticate users against an external Single Sign On process to log in to our JIRA instance.

            Standard pages within JIRA (e.g., browsing to a specific issue) correctly respect the Seraph config and redirect unauthenticated users according to the Seraph {{login.url}}[^1^|https://docs.atlassian.com/atlassian-seraph/latest/configuration.html|] parameter.

            Service Desk does _not_ respect this parameter, and instead, prompts unauthenticated users to log in via it's own custom login page (e.g., {{<server>/servicedesk/customer/portal/1/user/login}}).

            This is problematic for us. Our users who land on the Service Desk provided login page are stuck; their accounts in JIRA do not have passwords set up, so they can never successfully login on this page.\\
            \\
            \\
            Steps to reproduce *expected* behavior:

            1. Configure JIRA to use a {{seraph-config.xml}} Seraph configuration that includes a value for the {{login.url}} parameter.
            2. Be logged OUT of JIRA.
            3. Browse to a secure page _not_ provided by Service Desk, e.g., {{<server>/browse/DESK-2.}}
            4. Notice that JIRA redirects you to the login page provided in the Seraph configuration


            Steps to reproduce *wrong* behavior:

            1. Configure JIRA to use a {{seraph-config.xml}} Seraph configuration that includes a value for the {{login.url}} parameter.
            2. Be logged OUT of JIRA.
            3. Browse to a secure page _provided by_ Service Desk, e.g., {{<server>/servicedesk/customer/portal/1/DESK-2}}.
            4. Notice that JIRA does _not_ redirect you to the login page provided in the Seraph configuration\\
            \\
            \\
            Attached, please find three screenshots:
            - A snippet of our {{seraph-config.xml}} file
            - Network activity when starting un-authenticated, going to a "standard" JIRA page, and having JIRA redirect the user according to the Seraph configuration
            - Network activity when starting un-authenticated, going to a Service Desk provided page, and having JIRA (wrongly) redirect the user -- not to the Seraph specified location -- but to a custom Service Desk login page
            jonah (Inactive) made changes -
            Link New: This issue is related to JSDSERVER-1025 [ JSDSERVER-1025 ]
            vkharisma made changes -
            Project Import New: Sun Apr 02 00:24:18 UTC 2017 [ 1491092658763 ]
            Confluence Escalation Bot (Inactive) made changes -
            Labels Original: pm sdt New: affects-server pm sdt
            Owen made changes -
            Workflow Original: TTT: Simple Issue Tracking Workflow [ 756711 ] New: JSD Suggestion Workflow [ 1279724 ]
            Status Original: Done [ 10044 ] New: Closed [ 6 ]

              mmcmahon Matthew McMahon (Inactive)
              4a5c06810f17 Adam Krouskop
              Votes:
              24 Vote for this issue
              Watchers:
              37 Start watching this issue

                Created:
                Updated:
                Resolved: