Ability to login VS Code plugin with Custom Jira Site through third-party authentication provider

Comments (17)

1. 

   Jesus Martinez Fernandez reporter

   • edited description

   • 2019-10-07T11:01:05+00:00
2. 

   Jonathan Doklovic Account Deactivated

   @Jesus Martinez Fernandez The issue is that Jira still maintains it’s own internal password database even with SAML auth.

   The fix is to use the “Can’t log in?” link on that login screen to set a password inside of jira. This will be separate from your SAML provider’s password. Once you set it, you can use it when logging in via the extension,

   • 2019-10-07T14:33:20+00:00
3. 

   Jesus Martinez Fernandez reporter

   Thanks @{557057:3695b794-cde3-43a2-99aa-c0fc6151b754} for your suggestion, but I’m still not able to log in.

   I’ve set a new password as you said and tried using both https://jira.atlassian.com and my company custom domain as the Jira site to add, but none of them worked. With the Atlassian url I get the message “Error authenticating with Jira: Error: Request failed with status code 401”, with my company I got the same message but with status code 403.

   • 2019-10-08T06:59:36+00:00
4. 

   Jonathan Doklovic Account Deactivated

   So, let’s stick with one scenario. Can you go https://jira.atlassian.com in your web browser and click on the “Access Your Jira Site” button. That should either take you to a start page that lists your available products or maybe directly to your jira. In either case, can you find the url of the Jira listed on the start page or in your browser location? Then use that url to login with the extension?

   • 2019-10-08T15:53:58+00:00
5. 

   Jesus Martinez Fernandez reporter

   When I go to https://jira.atlassian.com and click on “Access Your Jira Site” I’m asked to login into Jira:

   ‌

   I can either login through the “Log in with Google” button (which is the way I use with my custom Jira Site) or with normal credentials, in which case I can use my google address with the password I generated by clicking on the “Can’t log in?” link. Both options lead me to the same screen where the url is start.atlassian.com:

   ‌

   I had a look to the different sections, but I didn’t find Jira urls listed anywhere. Is there anything that I missed?

   ‌

   • 2019-10-09T07:15:09+00:00
6. 

   Jonathan Doklovic Account Deactivated

   @Jesus Martinez Fernandez Thanks for the screenshots! What’s weird is that start.atlassian.com does not list Jira as an available product. Is there a different way you normally get to the Jira web interface?

   If you can get to your Jira web interface and let me know what the domain is in the browsers address bar (form say an issue view page) that would be helpful.

   • 2019-10-09T15:09:02+00:00
7. 

   Jesus Martinez Fernandez reporter

   You’re welcome @{557057:3695b794-cde3-43a2-99aa-c0fc6151b754} .

   Our custom domain is http://jira.dev.financialforce.com and that’s the url I use to access to the Jira web interface which looks like this:

   ‌

   • 2019-10-09T15:35:50+00:00
8. 

   Pramod Busam Account Deactivated

   @Jesus Martinez Fernandez There are a couple of cURL commands in https://developer.atlassian.com/server/jira/platform/basic-authentication/. That is effectively what the extension is doing. Could you try those out and let us know if that works or if you still see 401 or 403 errors?

   • 2019-10-09T15:45:54+00:00
9. 

   Jonathan Doklovic Account Deactivated

   @Jesus Martinez Fernandez Is that the domain you use when trying to auth with the extension? Using that domain and the password you set during the password reset flow in theory should work, although it’s still unclear to me which login is which and which app passowrd reset you need to use.

   If you go to your profile page in that Jira instance, does it give you an option to set/reset your password. (within jira, not from the login screen)

   • 2019-10-09T17:09:06+00:00
10. 

    Jesus Martinez Fernandez reporter

    @{557058:a30b5736-f3cf-41d7-aad0-99c9ffac78ce} I tried using:

    curl -u user:password -X GET -H “Content-Type: application/json” https://jira.dev.financialforce.com/rest/api/2/issue/createmeta

    and

    curl -H "Authorization: Basic user:password(encoded to base64)" -X GET -H “Content-Type: application/json” https://jira.dev.financialforce.com/rest/api/2/issue/createmeta

    but I got Forbidden (403) as response with both requests.

    @{557057:3695b794-cde3-43a2-99aa-c0fc6151b754} I tried using both https://jira.dev.financialforce.com and https://jira.atlassian.com to connect with the extension with my Google account password and the password I got after clicking on “Can’t log in?”. I also tried reseting my password from this screen:

    ‌

    ‌

    but I still could not log in. Could it be that I need a token to connect? It seems I can create API tokens from my Atlassian account:

    ‌

    ‌

    however if that’s the case, I’m not sure how I could pass it to the extension.

    • 2019-10-10T14:32:31+00:00
11. 

    Jonathan Doklovic Account Deactivated

    @Jesus Martinez Fernandez Using an API token is worth a try.To use it, you just generate the token and then use the token in the password field instead of your password. Your username stays the same.

    • 2019-10-10T14:38:39+00:00
12. 

    Jesus Martinez Fernandez reporter

    I tried with an API token, but I’m still getting 401 if I use https://jira.atlassian.com or 403 with https://jira.dev.financialforce.com.

    • 2019-10-10T15:37:34+00:00
13. 

    Jonathan Doklovic Account Deactivated

    @Jesus Martinez Fernandez Just a shot in the dark, but if you go to your profile details on jira.dev.financialforce.com what does it have as your username? Is it your email or something else?

    • 2019-10-10T15:46:53+00:00
14. 

    Jesus Martinez Fernandez reporter

    @{557057:3695b794-cde3-43a2-99aa-c0fc6151b754} this is part of my profile information:

    ‌

    The username is my company email address, which is the one I use to log in to Jira. I tried changing the password there with the one I normally use to log in (the one from my Google account) and the one I created after clicking on the “Can’t log in?” link, but none of them was recognized as the password associated to my account:

    ‌

    • 2019-10-11T10:56:58+00:00
15. 

    Jonathan Doklovic Account Deactivated

    @Jesus Martinez Fernandez Ok, I think it’s a chicken and egg scenario. Basically, Jira keeps it’s own internal passowrd database even if you’re using SAML for authentication. Usually, you can get a password setup if you use the “can’t login link” from the Jira login page and it will let you set a password for the internal Jira database. In some cases (like yours) I’ve noticed that the “can’t login link” doesn’t work and therefore you don’t have a password set internally in Jira. Then, when you try to change the password from inside of Jira, it’s essentially impossible because it requires you to enter the current password (which isn’t set) and doesn’t allow a blank value.

    At this point, my best suggestion would be to contact your Jira administrator and ask them to use the User Management screen inside of Jira to set a password for your user. This will just set the internal Jira password which will then let you login with it and change it from the screen above.

    ‌

    • 2019-10-11T14:19:01+00:00
16. 

    Jesus Martinez Fernandez reporter

    @{557057:3695b794-cde3-43a2-99aa-c0fc6151b754} after some discussions with the DevOps team they created a ticket to see if it’d be possible to add SSO as authentication method (https://bitbucket.org/atlassianlabs/atlascode/issues/237/allow-saml-sso-as-authentication-method). I’m going to mark this one as resolved to avoid duplication, thanks a lot for your time and help!

    ‌

    • 2019-10-14T11:00:42+00:00
17. 

    Jesus Martinez Fernandez reporter

    • changed status to resolved

    New issue created -> https://bitbucket.org/atlassianlabs/atlascode/issues/237/allow-saml-sso-as-authentication-method

    • 2019-10-14T11:01:28+00:00
18. Log in to comment