Jira/BB server authentication does not use client certificates

Issue #360 open
Grzegorz Skołyszewski created an issue

Hi,

There’s an option to configure client certificates as the authentication material for authenticating against Server/DC instances of Jira/Bitbucket. Using that option, I configure a custom site, specify the address and (unnecessary) u/p, then select .pfx and provide the path as well as the certificate import password. Then, according to curl debugging, the certificate is not used at all, e.g.

[2020-02-18 13:54:53:940] curl -X GET -H "X-Atlassian-Token:no-check" -H "x-atlassian-force-account-id:true" -H "Content-Type:application/json" -H "Authorization:Basic <REDACTED>" "https://<REDACTED>/jira/rest/api/2/myself"

This means that the mutual TLS auth feature is completely unusable right now, so I marked this issue as a blocker.

Additionally, user/password should not be required if using a pfx client certificate (as it is a common practice to use certificate-based auth only and not require basic auth on top of that).

My OS: macOS.

Comments (3)

  1. Gregory Star Account Deactivated

    What version of Atlascode are you running? In recent versions we made some changes that may address these concerns.

  2. Grzegorz Skołyszewski reporter

    I have the latest version, 2.4.2, and there’s no improvement. (not sure which version I was checking that on yesterday)

    The error I am seeing is

    The curl commands work only after I use -E $USER (which uses the certs from the Keychain, available for curl compiled with SecureTransport).
