Allow SAML SSO as authentication method

Issue #237 on hold
Nestor Rodriguez created an issue

Hi Atlassian team!

We are trying this plugin and it seems a good one. There is one problem: the developers in our company don’t have the password of their users because we use SSO as the authentication method. Right now, the plugin allows connecting to a Jira Server instance but only using username/password. Is the SAML SSO authentication method something you have in your backlog? If not, are you planning to add it?

Thanks!

Comments (11)

  1. Alastair Wilkes Account Deactivated

    Hi Nestor,

    This is high on our priority list, but we do not have a resolution yet.

    Thanks,
    Alastair

  2. Alastair Wilkes Account Deactivated

    We'll keep looking into other options, but the preferred and simplest solution is unfortunately blocked by the lack of app passwords/API tokens for Jira, as noted in this open feature request: https://jira.atlassian.com/browse/JRASERVER-67869

    As a result, I am putting this ticket "On Hold." My apologies to those of you who can't take advantage of the extension yet.

  3. Michael Metcalf

    Hey @{557057:7250f3ea-2983-4778-a8cd-e1e2fe1d17ae} ,

    If I may add here, we use SSO against the Jira Server in our organization (along with a fair amount of VSCode users 🙂), and across systems ideally we try to discourage folks from creating long-lived/unattributed user-centric API tokens or bypassing SSO in the initial token mint (i.e. ?auth_fallback is a thing).

    For Jira specifically there have been scenarios where we have built internal tooling/clients that perform the currently supported Connected Apps OAuth (1.0a) flow in Jira Server. It's not great from a development experience, but our users gain the ability to discern/revoke API clients/tokens more clearly in the event they lose their machine or the token, etc.

    I can appreciate that this is most likely a non-inconsequential level of effort to support, however perhaps it's worth supporting this in the name of better user security, or alternatively push on the JRASERVER team to support OAuth2 in a fashion more aligned with what is implemented in Jira Cloud. (As opposed to the User Centric token proposal in JRASERVER-67869)

    Cheers,
    Michael

  4. Alastair Wilkes Account Deactivated

    Hi Michael,

    Thanks for the feedback and suggestions!

    I totally agree that a proper OAuth flow is the best long-term solution. We evaluated using the existing OAuth flow but felt it wasn’t appropriate for our use case given the complicated admin setup requirements. We may revisit that decision at a later time, but right now we’re focused on other priorities.

    However, your suggestion to advocate for OAuth2 on the Server side is a good one, and I will engage that team for discussion.

    Best,
    Alastair

  5. Rudy Dullier

    Just found that issue while trying the extension.

    So the issue is on hold and the account of Alastair is deactivated.

    Great 🙂

  6. Jonathan Doklovic

    @Rudy Dullier This issue was put on hold due to the lack of options to move forward. We will continue to look for ways around this issue.
