Skip to content

UW-Madison-DoIT/jiraRemoteUserAuth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
conf
conf
 
 
releases
releases
 
 
src
src
 
 
.gitignore
.gitignore
 
 
DEVELOPERS
DEVELOPERS
 
 
INSTALL
INSTALL
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
deploy.sh
deploy.sh
 
 
mk.sh
mk.sh
 
 
pom.xml
pom.xml
 
 

Repository files navigation

README for Shibboleth Authenticator for Jira 7.x

Main page at: https://github.com/UW-Madison-DoIT/jiraRemoteUserAuth

This is a port of the Shibboleth Authenticator for Confluence documentated at: https://studio.plugins.atlassian.com/wiki/display/SHBL/Confluence+Shibboleth+Authenticator

Compilation (using Atlassian Plugin SDK)

run "atlas-clean", then "atlas-compile", then "atlas-package"

Shibboleth Deployment

  1. copy the target/jiraRemoteUserAuth-x.x.x.jar to your edit-webapp/WEB-INF/lib

  2. copy jiraRemoteUserAuthenticator.properties to edit-webapp/WEB-INF/classes and configure to your needs

  3. modify seraph-config.xml in your jira/WEB-INF/classes accordingly. Below shows that login.url has been modified to point to WAYF (or could be your IdP) directly; Logout url points to the server's location of Shibboleth SSO (we use SERVER, change it to whatever your server which hosted jira); have a look at your shibboleth.xml for some entry details... standard jira authenticator has been changed to our JiraWebServerAuthenticator

    login.url https://SERVER/Shibboleth.sso/XXX?target=/jira/secure/Dashboard.jspa?os_destination=${originalurl}

    link.login.url https://SERVER/Shibboleth.sso/XXX?target=/jira/secure/Dashboard.jspa?os_destination=${originalurl}

    link.logout.url https://SERVER/Shibboleth.sso/Logout?return=/jira/secure/Logout!default.jspa

    logout.url https://SERVER/Shibboleth.sso/Logout?return=/jira/secure/Logout!default.jspa

  4. configure your SP AAP.xml or attribute-map.xml by mapping appropriate headers (pay attention to step #2).

    Most likely headers you need:

    • REMOTE_USER
    • FULL_NAME
    • EMAIL
    • whatever dynamic roles' headers

  5. modification on apache's configuration

a) configure mod_proxy_ajp

ProxyPass /jira ajp://localhost:8009/jira
<Proxy ajp://localhost:8009/jira>
  Order deny,allow
  Allow from all
</Proxy>

b) export headers, and protect jira with shib lazy session

 <Location /jira>
    AuthType shibboleth
    ShibRequireSession Off
    ShibUseHeaders On
    require shibboleth
 </Location>

or regular session

 <Location /jira>
    AuthType shibboleth
    ShibRequireSession On
    ShibUseHeaders On
    require shibboleth
 </Location>
  1. modify tomcat's server.xml entry to include (find where port 8009 and copy it into below). if you're using tomcat5.5 or above, you may want to put tomcatAuthentication="false" entry and strip the "request." section. This has changed in recent tomcat, refer to your tomcat manual for detail.

  1. restart tomcat and try to click on the login link

About

No description, website, or topics provided.

Resources

Readme

License

View license
Activity
Custom properties

Stars

13 stars

Watchers

11 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages