[JSDSERVER-1025] Service Desk login does NOT respect use of custom Seraph Authenticator

Type: Suggestion
Resolution: Fixed
Fix Version/s: 3.0.2
Component/s: API and Integrations
Labels:
- affects-server
- pm
- sdt

Feedback Policy:

We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.

We use a custom Seraph authenticator / Seraph config to authenticate users against an external Single Sign On process to log in to our JIRA instance.

Standard pages within JIRA (e.g., browsing to a specific issue) correctly respect the Seraph config and redirect unauthenticated users according to the Seraph login.url¹ parameter.

Service Desk does not respect this parameter, and instead, prompts unauthenticated users to log in via it's own custom login page (e.g., <server>/servicedesk/customer/portal/1/user/login).

This is problematic for us. Our users who land on the Service Desk provided login page are stuck; their accounts in JIRA do not have passwords set up, so they can never successfully login on this page.

Steps to reproduce expected behavior:

1. Configure JIRA to use a seraph-config.xml Seraph configuration that includes a value for the login.url parameter.
2. Be logged OUT of JIRA.
3. Browse to a secure page not provided by Service Desk, e.g., <server>/browse/DESK-2.
4. Notice that JIRA redirects you to the login page provided in the Seraph configuration

Steps to reproduce wrong behavior:

1. Configure JIRA to use a seraph-config.xml Seraph configuration that includes a value for the login.url parameter.
2. Be logged OUT of JIRA.
3. Browse to a secure page provided by Service Desk, e.g., <server>/servicedesk/customer/portal/1/DESK-2.
4. Notice that JIRA does not redirect you to the login page provided in the Seraph configuration

Attached, please find three screenshots:

A snippet of our seraph-config.xml file
Network activity when starting un-authenticated, going to a "standard" JIRA page, and having JIRA redirect the user according to the Seraph configuration
Network activity when starting un-authenticated, going to a Service Desk provided page, and having JIRA (wrongly) redirect the user – not to the Seraph specified location – but to a custom Service Desk login page

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

browse-to-issue-get-seraph-redirect.png
58 kB
30/Oct/2014 1:08 AM
browse-to-service-desk-NO-seraph-redirect.png
54 kB
30/Oct/2014 1:08 AM
seraph-config.png
22 kB
30/Oct/2014 1:08 AM

is related to

JSDSERVER-1551 You need to log in to Confluence to view Knowledge Base articles

Closed

JSDSERVER-1244 Create a Crowd SSO authenticator that will allow Customers to be authenticated from the local directory

Gathering Interest

JSDSERVER-1498 JIRA Service Desk Authentication Documentation

Gathering Interest

relates to

JSDCLOUD-1025 Service Desk login does NOT respect use of custom Seraph Authenticator

Closed

mentioned in: Page Failed to load; Page Loading...; Page Loading...; Page Loading...; Page Loading...

was cloned as: DESK-4248 Loading...; DESK-4418 Loading...

(4 mentioned in, 2 was cloned as)

Katherine Yabut made changes - 19/Sep/2019 5:56 AM

Workflow	Original: JAC Suggestion Workflow [ 3011907 ]	New: JAC Suggestion Workflow 3 [ 3650435 ]
Status	Original: RESOLVED [ 5 ]	New: Closed [ 6 ]

Owen made changes - 21/Nov/2018 5:43 AM

Workflow

Original: Confluence Workflow - Public Facing v4 [ 2665413 ]

New: JAC Suggestion Workflow [ 3011907 ]

Owen made changes - 27/Apr/2018 12:21 AM

Workflow	Original: JSD Suggestion Workflow - TEMP [ 2324125 ]	New: Confluence Workflow - Public Facing v4 [ 2665413 ]
Status	Original: Closed [ 6 ]	New: Resolved [ 5 ]

Matthew McMahon (Inactive) added a comment - 30/Aug/2017 1:57 AM

The way that it works for the customer portal, is to retrieve the link login url from the seraph config.

Having this, id it does not start with the standard JIRA value of /login.jsp? then it will perform a redirect to the configured value.

However if the url still begins with /login.jsp? then it assumes JIRA login is used, and will therefore redirect to the customer portal login.

Hope this helps, understand what might be occurring.

Matt

Matthew McMahon (Inactive) added a comment - 30/Aug/2017 1:57 AM The way that it works for the customer portal, is to retrieve the link login url from the seraph config. Having this, id it does not start with the standard JIRA value of /login.jsp? then it will perform a redirect to the configured value. However if the url still begins with /login.jsp? then it assumes JIRA login is used, and will therefore redirect to the customer portal login. Hope this helps, understand what might be occurring. Matt

Christopher Gronde added a comment - 29/Aug/2017 12:11 PM

If you see above there are other people that have mentioned this request/issue is NOT resolved. It has not been fixed. No matter what I am forced to the Customer Portal login prompt and not authenticating through seraph-config.xml I have searched ALL over here and answers.atlassian.com and NO WHERE does it mention how to fix this

Christopher Gronde added a comment - 29/Aug/2017 12:11 PM If you see above there are other people that have mentioned this request/issue is NOT resolved. It has not been fixed. No matter what I am forced to the Customer Portal login prompt and not authenticating through seraph-config.xml I have searched ALL over here and answers.atlassian.com and NO WHERE does it mention how to fix this

Matthew McMahon (Inactive) added a comment - 28/Aug/2017 10:38 PM

This has been fixed since 3.0.2 and will respect the seraph-config.xml.

If this is not your experience, I would recommend raising a support request to assist with investigations.

Regards
Matt

Matthew McMahon (Inactive) added a comment - 28/Aug/2017 10:38 PM This has been fixed since 3.0.2 and will respect the seraph-config.xml. If this is not your experience, I would recommend raising a support request to assist with investigations. Regards Matt

Christopher Gronde added a comment - 28/Aug/2017 1:53 PM

We also have a custom Seraph authenticator and this issue is preventing us from using JSD. This is over a year old and still nothing done about it. Is this still being considered/worked?

Christopher Gronde added a comment - 28/Aug/2017 1:53 PM We also have a custom Seraph authenticator and this issue is preventing us from using JSD. This is over a year old and still nothing done about it. Is this still being considered/worked?

Katherine Yabut made changes - 22/Jun/2017 5:54 AM

Workflow

Original: JSD Suggestion Workflow [ 2052900 ]

New: JSD Suggestion Workflow - TEMP [ 2324125 ]

Katherine Yabut made changes - 31/May/2017 12:29 AM

Workflow

Original: JSD Suggestion Workflow - TEMP [ 2049511 ]

New: JSD Suggestion Workflow [ 2052900 ]

Katherine Yabut made changes - 31/May/2017 12:26 AM

Workflow

Original: JSD Suggestion Workflow [ 1279724 ]

New: JSD Suggestion Workflow - TEMP [ 2049511 ]

Assignee:: Matthew McMahon (Inactive)

Reporter:: Adam Krouskop

Votes:: 24 Vote for this issue

Watchers:: 38 Start watching this issue

Created:: 30/Oct/2014 1:08 AM

Updated:: 19/Sep/2019 5:56 AM

Resolved:: 18/Nov/2015 9:41 AM

Jira Service Management Data Center

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Matthew McMahon (Inactive) added a comment - 30/Aug/2017 1:57 AM

Expand comment: Matthew McMahon (Inactive) added a comment - 30/Aug/2017 1:57 AM

Collapse comment: Christopher Gronde added a comment - 29/Aug/2017 12:11 PM

Expand comment: Christopher Gronde added a comment - 29/Aug/2017 12:11 PM

Collapse comment: Matthew McMahon (Inactive) added a comment - 28/Aug/2017 10:38 PM

Expand comment: Matthew McMahon (Inactive) added a comment - 28/Aug/2017 10:38 PM

Collapse comment: Christopher Gronde added a comment - 28/Aug/2017 1:53 PM

Expand comment: Christopher Gronde added a comment - 28/Aug/2017 1:53 PM

People

Dates

Backbone Issue Sync