Atlassian Jira Single-Sign-On via CAS
Troy Davis
troy at nack.net
Sat May 12 18:13:54 EDT 2007
Hi Unai,
I've got JIRA 3.7.x (Seraph) using CAS. It's an extension to
DefaultAuthenticator that is applied per
http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence
I wrote this one myself, but that page has a new link to a more mature
JIRA (Seraph auth API) SSO extension. Use it instead. They both extend
DefaultAuthenticator.
Notes:
- Anonymous access: by default, JIRA will redirect to the login page
rather than allow anonymous access. There is no way for a
DefaultAuthenticator to tell Seraph to let the user in without
authentication. Workaround: Recompile Seraph with a one-line change to
SecurityFilter.java so that it doesn't redirect to the login page when
JIRA's login.url is empty.
- RPC: the RPC plugin (/rpc/* by default) doesn't interact with Seraph
extensions. RPC still uses the JIRA internal user DB.
- Users and permissions still exist in JIRA. The CAS glue handles
authentication, not authorization.
Hope this helps,
Troy
More information about the cas
mailing list