Wednesday, March 8, 2017

Integrate OpenAM 13.5 with Atlassian Jira 7.3 - Part 2

So I dumped OpenAM ClientSDK and decided to go the RESTful way. It turns out to be fairly easy.



References:

  1. Single Sign-on Integration with the Atlassian stack
  2. HTTP authentication with Seraph
  3. Sample code - OpenSsoAuthenticator.java 


Step 1: Extend OpenAMAuthenticator from JiraSeraphAuthenticator

I took reference from OpenSsoAuthenticator.java.

In public Principal getUser(HttpServletRequest request, HttpServletResponse response), there is this line that attempts to retrieve a user name.

String username = obtainUsername(request);


I removed all other methods in the class and replaced the method obtainUsername(HttpServletRequest request) with the following:



Step 2: Copy JSON library (json-20090211.jar) to JIRA library directory
(As we are using RESTful calls to OpenAM to validate the user's session, the response from OpenAM is in JSON format, hence the need for the JSON library.)

[azlabs@sg-jira ~]$ cp json-20090211.jar /appl/jira/jira/atlassian-jira/WEB-INF/lib/
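
The session check that Steps 1 and 2 describe, as an added example (not the author's code): it posts the iPlanetDirectoryPro cookie value to OpenAM's /json/sessions/<token>?_action=validate REST endpoint and returns the uid only when OpenAM reports the session as valid. The class name, method names and base URL are assumptions; it uses the JDK's HttpURLConnection and the org.json library from Step 2.

```java
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Scanner;
import org.json.JSONObject;

// Added example: validates an OpenAM SSO token over REST and returns the user id.
public class OpenAMSessionValidator {
    // Assumption: placeholder base URL; point this at your own OpenAM, over HTTPS.
    private static final String OPENAM = "https://openam.example.com:8443/openam";

    /** Returns the uid for a valid session, or null. Fails closed on any error. */
    public static String usernameFor(String ssoToken) {
        if (ssoToken == null || ssoToken.isEmpty()) return null;
        try {
            URL url = new URL(OPENAM + "/json/sessions/"
                    + URLEncoder.encode(ssoToken, "UTF-8") + "?_action=validate");
            HttpURLConnection c = (HttpURLConnection) url.openConnection();
            c.setRequestMethod("POST");
            c.setRequestProperty("Content-Type", "application/json");
            c.setConnectTimeout(3000);
            c.setReadTimeout(3000);
            c.setDoOutput(true);
            c.getOutputStream().close();          // empty POST body
            if (c.getResponseCode() != 200) return null;
            try (InputStream in = c.getInputStream();
                 Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
                return parseValidateResponse(s.hasNext() ? s.next() : "");
            }
        } catch (Exception e) {
            return null;                          // never authenticate on error
        }
    }

    /** Trusts "uid" only when "valid" is explicitly true. */
    static String parseValidateResponse(String body) throws Exception {
        JSONObject json = new JSONObject(body);
        if (!json.optBoolean("valid", false)) return null;
        String uid = json.optString("uid", "");
        return uid.isEmpty() ? null : uid;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample responses in the shape OpenAM returns.
        System.out.println(parseValidateResponse("{\"valid\":true,\"uid\":\"demo\",\"realm\":\"/\"}"));
        System.out.println(parseValidateResponse("{\"valid\":false}"));
    }
}
```

In the authenticator, obtainUsername would pass the value of the iPlanetDirectoryPro cookie from the request to usernameFor and treat a null result as "not logged in".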


Step 3: Extend log4j.properties
(If this is not configured, the authenticator's log messages will not be written to the JIRA logging system - catalina.out)

[azlabs@sg-jira classes]$ vi log4j.properties
< # AZLABS
< log4j.logger.sg.azlabs.openam.jira.seraph.OpenAMAuthenticator = INFO, console, filelog
< log4j.additivity.sg.azlabs.openam.jira.seraph.OpenAMAuthenticator = false
< # EOF - AZLABS


Step 4: Edit seraph-config.xml to redirect to OpenAM Login/Logout pages

(This is where the iPlanetDirectoryPro cookie will be set in the user's browser after OpenAM Login authentication)

[azlabs@sg-jira ~]$ cd /appl/jira/jira/atlassian-jira/WEB-INF/classes
[azlabs@sg-jira classes]$ cp seraph-config.xml seraph-config.xml.20170308
[azlabs@sg-jira classes]$ vi seraph-config.xml














Step 5: Hide default Login gadget from JIRA login page
(SSO with OpenAM only happens when a user clicks on the Login hyperlink. The Login gadget, which lets users key in a user name and password directly, should be hidden to avoid confusion.)

[azlabs@sg-jira ~]$ cd /appl/jira/jira-home
[azlabs@sg-jira jira-home]$ touch jira-config.properties
jira.disable.login.gadget=true

Step 6: Restart JIRA


We are done!







3 comments:

  1. Hello,

    I didn't understand your JSON request.
    How did you call it, please?

    I have the same issue in how to communicate Jira and OpenAM.

    Thank you

  2. Hi, please, where did you get HttpPostConnection from? Which library should I import to be able to use it this way? Thanks. Petr

  3. https://github.com/AzimuthLabs/utilities/blob/master/HttpPostConnection.java
