Uploaded image for project: 'Jira Service Management Data Center'
  1. Jira Service Management Data Center
  2. JSDSERVER-1025

Service Desk login does NOT respect use of custom Seraph Authenticator

    • We collect Jira Service Desk feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.

      We use a custom Seraph authenticator / Seraph config to authenticate users against an external Single Sign On process to log in to our JIRA instance.

      Standard pages within JIRA (e.g., browsing to a specific issue) correctly respect the Seraph config and redirect unauthenticated users according to the Seraph login.url1 parameter.

      Service Desk does not respect this parameter, and instead, prompts unauthenticated users to log in via it's own custom login page (e.g., <server>/servicedesk/customer/portal/1/user/login).

      This is problematic for us. Our users who land on the Service Desk provided login page are stuck; their accounts in JIRA do not have passwords set up, so they can never successfully login on this page.


      Steps to reproduce expected behavior:

      1. Configure JIRA to use a seraph-config.xml Seraph configuration that includes a value for the login.url parameter.
      2. Be logged OUT of JIRA.
      3. Browse to a secure page not provided by Service Desk, e.g., <server>/browse/DESK-2.
      4. Notice that JIRA redirects you to the login page provided in the Seraph configuration

      Steps to reproduce wrong behavior:

      1. Configure JIRA to use a seraph-config.xml Seraph configuration that includes a value for the login.url parameter.
      2. Be logged OUT of JIRA.
      3. Browse to a secure page provided by Service Desk, e.g., <server>/servicedesk/customer/portal/1/DESK-2.
      4. Notice that JIRA does not redirect you to the login page provided in the Seraph configuration


      Attached, please find three screenshots:

      • A snippet of our seraph-config.xml file
      • Network activity when starting un-authenticated, going to a "standard" JIRA page, and having JIRA redirect the user according to the Seraph configuration
      • Network activity when starting un-authenticated, going to a Service Desk provided page, and having JIRA (wrongly) redirect the user – not to the Seraph specified location – but to a custom Service Desk login page

            [JSDSERVER-1025] Service Desk login does NOT respect use of custom Seraph Authenticator

            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3011907 ] New: JAC Suggestion Workflow 3 [ 3650435 ]
            Status Original: RESOLVED [ 5 ] New: Closed [ 6 ]
            Owen made changes -
            Workflow Original: Confluence Workflow - Public Facing v4 [ 2665413 ] New: JAC Suggestion Workflow [ 3011907 ]
            Owen made changes -
            Workflow Original: JSD Suggestion Workflow - TEMP [ 2324125 ] New: Confluence Workflow - Public Facing v4 [ 2665413 ]
            Status Original: Closed [ 6 ] New: Resolved [ 5 ]

            The way that it works for the customer portal, is to retrieve the link login url from the seraph config.

            Having this, id it does not start with the standard JIRA value of /login.jsp? then it will perform a redirect to the configured value.

            However if the url still begins with /login.jsp? then it assumes JIRA login is used, and will therefore redirect to the customer portal login.

            Hope this helps, understand what might be occurring.

            Matt

            Matthew McMahon (Inactive) added a comment - The way that it works for the customer portal, is to retrieve the link login url from the seraph config. Having this, id it does not start with the standard JIRA value of /login.jsp? then it will perform a redirect to the configured value. However if the url still begins with /login.jsp? then it assumes JIRA login is used, and will therefore redirect to the customer portal login. Hope this helps, understand what might be occurring. Matt

            If you see above there are other people that have mentioned this request/issue is NOT resolved. It has not been fixed. No matter what I am forced to the Customer Portal login prompt and not authenticating through seraph-config.xml I have searched ALL over here and answers.atlassian.com and NO WHERE does it mention how to fix this

            Christopher Gronde added a comment - If you see above there are other people that have mentioned this request/issue is NOT resolved. It has not been fixed. No matter what I am forced to the Customer Portal login prompt and not authenticating through seraph-config.xml I have searched ALL over here and answers.atlassian.com and NO WHERE does it mention how to fix this

            This has been fixed since 3.0.2 and will respect the seraph-config.xml.

            If this is not your experience, I would recommend raising a support request to assist with investigations.

            Regards
            Matt

            Matthew McMahon (Inactive) added a comment - This has been fixed since 3.0.2 and will respect the seraph-config.xml. If this is not your experience, I would recommend raising a support request to assist with investigations. Regards Matt

            We also have a custom Seraph authenticator and this issue is preventing us from using JSD. This is over a year old and still nothing done about it. Is this still being considered/worked?

            Christopher Gronde added a comment - We also have a custom Seraph authenticator and this issue is preventing us from using JSD. This is over a year old and still nothing done about it. Is this still being considered/worked?
            Katherine Yabut made changes -
            Workflow Original: JSD Suggestion Workflow [ 2052900 ] New: JSD Suggestion Workflow - TEMP [ 2324125 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Suggestion Workflow - TEMP [ 2049511 ] New: JSD Suggestion Workflow [ 2052900 ]
            Katherine Yabut made changes -
            Workflow Original: JSD Suggestion Workflow [ 1279724 ] New: JSD Suggestion Workflow - TEMP [ 2049511 ]

              mmcmahon Matthew McMahon (Inactive)
              4a5c06810f17 Adam Krouskop
              Votes:
              24 Vote for this issue
              Watchers:
              38 Start watching this issue

                Created:
                Updated:
                Resolved: