Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make it compatible with Jira 8 and other SAML apps #6

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Make it compatible with Jira 8 and other SAML apps #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
602305f
Pull groups and email through from SAML properly
Feb 14, 2019
e426da5
Get email without using tostring (avoids []). Wrap member loop in a …
Feb 15, 2019
697d3cb
Quick fix for context path, fails due to null when there is no contex…
Mar 28, 2019
8062331
Update for Jira 8+ : don't use ComponentManager, use ComponentAccessor
May 29, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 29 additions & 3 deletions src/com/lastpass/jira/SAMLAuthenticator.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,9 @@
import com.atlassian.jira.user.util.UserManager;
import com.atlassian.jira.event.user.UserEventType;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.JiraException;
import com.atlassian.jira.security.groups.GroupManager;

import java.io.File;
import java.io.UnsupportedEncodingException;
Expand Down Expand Up @@ -174,10 +176,11 @@ public Principal getUser(HttpServletRequest request,
logger.debug("SAML user: " + username);

UserManager userManager = new ComponentAccessor().getUserManager();
GroupManager groupManager = new ComponentAccessor().getGroupManager();

if (userManager.getUserByName(username) == null) {

String email = username;
String email = aset.getAttributes().get("urn:oid:1.2.840.113549.1.9.1").get(0);
String fullname = username;

List<String> namelist = aset.getAttributes().get("Name");
Expand All @@ -186,15 +189,38 @@ public Principal getUser(HttpServletRequest request,

String password = generatePassword(20);

UserDetails details = new UserDetails(email, fullname)
.withPassword(password);
UserDetails details = new UserDetails(username, fullname)
.withPassword(password)
.withEmail(email);


try {
userManager.createUser(details);
} catch (JiraException e) {
logger.error("Unable to auto-create user", e);
return null;
}

ApplicationUser user;
com.atlassian.crowd.embedded.api.Group group;

try {user = userManager.getUserByName(username);}
catch (Exception e) {logger.error("Couldn't find user I just created" + username); return null; }

if (aset.getAttributes().get("member") != null ) {
for (String groupname : aset.getAttributes().get("member")) {
if ((group=groupManager.getGroup(groupname)) != null) {
try {
groupManager.addUserToGroup (user,group);
} catch (Exception e) {
logger.error("Unable to add " + username + " to group " + groupname + " because " + e);
}
} else {
logger.error("Unable to add " + username + " to missing group " + groupname );
}
}
}

}

Principal p = userManager.getUserByName(username);
Expand Down
4 changes: 2 additions & 2 deletions web/saml_acs.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,14 @@
-- Copyright (c) 2014 LastPass, Inc.
--
--%>
<%@ page import="com.atlassian.jira.ComponentManager" %>
<%@ page import="com.atlassian.jira.component.ComponentAccessor" %>
<%@ page import="com.atlassian.jira.security.JiraAuthenticationContext" %>
<%
// this page is where SAML authentication returns.
// if auth is successful, user is added to session and
// we redirect to the url in RelayState. Otherwise, we
// display an error page.
final JiraAuthenticationContext jiraAuthenticationContext = ComponentManager.getComponentInstanceOfType(JiraAuthenticationContext.class);
final JiraAuthenticationContext jiraAuthenticationContext = ComponentAccessor.getJiraAuthenticationContext();

// verify SAMLResponse
if (jiraAuthenticationContext.getLoggedInUser() != null) {
Expand Down
3 changes: 2 additions & 1 deletion web/saml_login.jsp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,13 @@
--
--%>
<%@ page import="com.lastpass.jira.SAMLAuthenticator" %>
<% String context = request.getContextPath(); %>
<%
// This page is accessed to initiate SAML login when getUser() in the
// authenticator returns null and there is no SAMLResponse being processed.
// JIRA will go here when we click on a login link (based on seraph config).
//
// We generate an authnrequest and then redirect to the IdP.
String url = new SAMLAuthenticator().getRedirectUrl(request.getParameter("os_destination"));
String url = new SAMLAuthenticator().getRedirectUrl(context + request.getParameter("os_destination"));
response.sendRedirect(response.encodeRedirectURL(url));
%>