dosubot[bot] commented on issue #8704: URL: https://github.com/apache/incubator-devlake/issues/8704#issuecomment-3870683411
<!-- Answer --> This happens because DevLake’s Jira plugin doesn’t handle SSO/SAML authentication flows—specifically, it doesn’t manage cookies between redirects. When Jira is behind SSO, DevLake’s API client sends the PAT, but if Jira responds with a redirect to an SSO login page, DevLake doesn’t keep the session cookies, so it ends up getting an HTML page instead of JSON, which causes the parsing error you saw. In contrast, curl preserves cookies and follows redirects in a single session, so the SSO flow completes and you get the expected JSON response [source](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/helpers/pluginhelper/api/api_client.go#L73-L435). There’s no built-in workaround in DevLake for this. If possible, ask your Jira/SSO admin if API access with PATs can bypass SSO (sometimes there’s a special endpoint or network rule for this), or consider using a reverse proxy that handles SSO and presents a standard API to DevLake. If that’s not feasible, this is a current limitation of DevLake’s Jira integration with SSO/SAML [source](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/plugins/jira/models/connection.go#L40-L98). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/0352b4ae-84a9-422d-9fb7-5d983d69a7ac?feedback_type=other)</sup> [](https://app.dosu.dev/b4e8e847-d479-4541-83a8-d88d83fea5c9/ask?utm_source=github) [](https://cursor.com/link/prompt?text=This%20happens%20because%20DevLake%E2%80%99s%20Jira%20plugin%20doesn%E2%80%99t%20handle%20SSO/SAML%20authentication%20flows%E2%80%94specifically%2C%20it%20doesn%E2%80%99t%20manage%20cookies%20between%20redirects.%20When%20Jira%20is%20behind%20SSO%2C%20DevLake%E2%80%99s%20API%20client%20sends%20the%20PAT%2C%20but%20if%20Jira%20responds%20with%20a%20redirect%20to%20an%20SSO%20login%20page%2C%20DevLake%20doesn%E2%80%99t%20keep%20the%20session%20cookies%2C%20so%20it%20ends%20up%20getting%20an%20HTML%20page%20instead%20of%20JSON%2C%20which%20causes%20the%20parsing%20error%20you%20saw.%20In%20contrast%2C%20curl%20preserves%20cookies%20and%20follows%20redirects%20in%20a%20single%20session%2C%20so%20the%20SSO%20flow%20completes%20and%20you%20get%20the%20ex pected%20JSON%20response%20%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/helpers/pluginhelper/api/api_client.go%23L73-L435%29.%0A%0AThere%E2%80%99s%20no%20built-in%20workaround%20in%20DevLake%20for%20this.%20If%20possible%2C%20ask%20your%20Jira/SSO%20admin%20if%20API%20access%20with%20PATs%20can%20bypass%20SSO%20%28sometimes%20there%E2%80%99s%20a%20special%20endpoint%20or%20network%20rule%20for%20this%29%2C%20or%20consider%20using%20a%20reverse%20proxy%20that%20handles%20SSO%20and%20presents%20a%20standard%20API%20to%20DevLake.%20If%20that%E2%80%99s%20not%20feasible%2C%20this%20is%20a%20current%20limitation%20of%20DevLake%E2%80%99s%20Jira%20integration%20with%20SSO/SAML%20%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/plugins/jira/models/connection.go%23L40-L98%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/incubator-devlake/issues/8704) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
