Re: [cas-user] CAS for Jira 7
Hey Ashis, did you solve this issue? I'm facing the same problem right now. Could you may share the configs needed to fix this issue? Thanks in advance! Am Mittwoch, 25. Oktober 2017 09:30:55 UTC+2 schrieb Ashis: > > Micheal can you please help.. > > I have integrated CAS with JIRA. But when I open jira, user redirected > to /secure/Dashboard.jspa which has jira login page, On clicking login from > top right corner, cas page is opening and after successful logged in user > is redirected back to CAS but again i see JIRA login page and user not > logged in? > > Have you also faced this issue? > > > I have also checked > http://www.ascendintegrated.com/integrating-jira-sso-using-cas/ but no > success in integration > > On Monday, October 2, 2017 at 12:24:07 AM UTC+5:30, Michael Brown wrote: >> >> Also, I found a workaround for the Login gadget appearing at times. You >> can simply hide it: >> https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-5-1-305037906.html >> >> Mike >> >> On Saturday, September 30, 2017 at 4:47:44 PM UTC-4, Michael Brown wrote: >>> >>> Hi Marco, We are experience the same issues with the CAS integration as >>> well. >>> >>> We did put together some instructions on modifying / updating the >>> seraph-config.xml and web.xml files, and you can download the .JAR files we >>> used here: >>> https://bitbucket.org/mbrown_ascend/jira-cas-integration/downloads/. >>> Although I'm not sure how to fix those issues other than adding "/*" >>> instead of default.jsp in the filter mapping for the >>> CasSingleSignOutFilter, >>> CasAuthenticationFilter, and CasValidationFilter. >>> >>> By adding /* though, it breaks the Dashboard all over again and the _MSG >>> error appear. >>> >>> Hope this helps a little, but we are also experiencing the same issue. >>> >>> Mike >>> >>> On Thursday, April 27, 2017 at 5:09:59 AM UTC-4, Marco Osorio wrote: Hello, I have a problem with jira + cas authentication. I've followed the setup instructions that come up with two things. 1. In the web.xml configuration, if I comment the CasValidationFilter filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS takes me to the DashBoard but the login widget keeps appearing without content and does not allow me to visualize anything else, as if I was waiting to validate the login. 2. If I activate the CasValidationFilter filter, when authenticating with CAS, it generates a double ticket validation error with this trace: Org.jasig.cas.client.validation.TicketValidationException: Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not recognized The versions of cas-client-core-3.2.1.jar and cas-client-integration-atlassian-3.4.2.jar libraries Is there any missing configuration changes to avoid this double ticket validation? Thank you El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt escribió: > > I've created a pull request for a new Jira7CasAuthenticator at > https://github.com/apereo/java-cas-client/pull/197 > > There is example seraph-config.xml code in the comment. Using this > authenticator, you do not need any servlet filter updates in web.xml to > get > SSO. > > If you want single sign-out support you should still include those > filters and handlers. > If you want transparent SSO at your default URL (instead of seeing the > login page and having to click 'Login'), use the CasAuthenticationFilter > i > listed previously, but change the filter mapping from /* to /default.jsp. > > This configuration is working 100% with JIRA 7 for us on our test > server. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/35af4393-c42f-4b19-ab80-7634ff768302%40apereo.org.
Re: [cas-user] CAS for Jira 7
Micheal can you please help.. I have integrated CAS with JIRA. But when I open jira, user redirected to /secure/Dashboard.jspa which has jira login page, On clicking login from top right corner, cas page is opening and after successful logged in user is redirected back to CAS but again i see JIRA login page and user not logged in? Have you also faced this issue? I have also checked http://www.ascendintegrated.com/integrating-jira-sso-using-cas/ but no success in integration On Monday, October 2, 2017 at 12:24:07 AM UTC+5:30, Michael Brown wrote: > > Also, I found a workaround for the Login gadget appearing at times. You > can simply hide it: > https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-5-1-305037906.html > > Mike > > On Saturday, September 30, 2017 at 4:47:44 PM UTC-4, Michael Brown wrote: >> >> Hi Marco, We are experience the same issues with the CAS integration as >> well. >> >> We did put together some instructions on modifying / updating the >> seraph-config.xml and web.xml files, and you can download the .JAR files we >> used here: >> https://bitbucket.org/mbrown_ascend/jira-cas-integration/downloads/. >> Although I'm not sure how to fix those issues other than adding "/*" >> instead of default.jsp in the filter mapping for the CasSingleSignOutFilter, >> CasAuthenticationFilter, and CasValidationFilter. >> >> By adding /* though, it breaks the Dashboard all over again and the _MSG >> error appear. >> >> Hope this helps a little, but we are also experiencing the same issue. >> >> Mike >> >> On Thursday, April 27, 2017 at 5:09:59 AM UTC-4, Marco Osorio wrote: >>> >>> Hello, >>> I have a problem with jira + cas authentication. I've followed the setup >>> instructions that come up with two things. >>> 1. In the web.xml configuration, if I comment the CasValidationFilter >>> filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS >>> takes me to the DashBoard but the login widget keeps appearing without >>> content and does not allow me to visualize anything else, as if I was >>> waiting to validate the login. >>> 2. If I activate the CasValidationFilter filter, when authenticating >>> with CAS, it generates a double ticket validation error with this trace: >>> Org.jasig.cas.client.validation.TicketValidationException: >>> Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not >>> recognized >>> The versions of cas-client-core-3.2.1.jar and >>> cas-client-integration-atlassian-3.4.2.jar libraries >>> Is there any missing configuration changes to avoid this double ticket >>> validation? >>> Thank you >>> >>> El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt >>> escribió: I've created a pull request for a new Jira7CasAuthenticator at https://github.com/apereo/java-cas-client/pull/197 There is example seraph-config.xml code in the comment. Using this authenticator, you do not need any servlet filter updates in web.xml to get SSO. If you want single sign-out support you should still include those filters and handlers. If you want transparent SSO at your default URL (instead of seeing the login page and having to click 'Login'), use the CasAuthenticationFilter i listed previously, but change the filter mapping from /* to /default.jsp. This configuration is working 100% with JIRA 7 for us on our test server. >>> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c75d342e-c47d-4ebc-8686-1810e1197ac0%40apereo.org.
Re: [cas-user] CAS for Jira 7
Also, I found a workaround for the Login gadget appearing at times. You can simply hide it: https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-5-1-305037906.html Mike On Saturday, September 30, 2017 at 4:47:44 PM UTC-4, Michael Brown wrote: > > Hi Marco, We are experience the same issues with the CAS integration as > well. > > We did put together some instructions on modifying / updating the > seraph-config.xml and web.xml files, and you can download the .JAR files we > used here: > https://bitbucket.org/mbrown_ascend/jira-cas-integration/downloads/. > Although I'm not sure how to fix those issues other than adding "/*" > instead of default.jsp in the filter mapping for the CasSingleSignOutFilter, > CasAuthenticationFilter, and CasValidationFilter. > > By adding /* though, it breaks the Dashboard all over again and the _MSG > error appear. > > Hope this helps a little, but we are also experiencing the same issue. > > Mike > > On Thursday, April 27, 2017 at 5:09:59 AM UTC-4, Marco Osorio wrote: >> >> Hello, >> I have a problem with jira + cas authentication. I've followed the setup >> instructions that come up with two things. >> 1. In the web.xml configuration, if I comment the CasValidationFilter >> filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS >> takes me to the DashBoard but the login widget keeps appearing without >> content and does not allow me to visualize anything else, as if I was >> waiting to validate the login. >> 2. If I activate the CasValidationFilter filter, when authenticating with >> CAS, it generates a double ticket validation error with this trace: >> Org.jasig.cas.client.validation.TicketValidationException: >> Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not >> recognized >> The versions of cas-client-core-3.2.1.jar and >> cas-client-integration-atlassian-3.4.2.jar libraries >> Is there any missing configuration changes to avoid this double ticket >> validation? >> Thank you >> >> El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt escribió: >>> >>> I've created a pull request for a new Jira7CasAuthenticator at >>> https://github.com/apereo/java-cas-client/pull/197 >>> >>> There is example seraph-config.xml code in the comment. Using this >>> authenticator, you do not need any servlet filter updates in web.xml to get >>> SSO. >>> >>> If you want single sign-out support you should still include those >>> filters and handlers. >>> If you want transparent SSO at your default URL (instead of seeing the >>> login page and having to click 'Login'), use the CasAuthenticationFilter i >>> listed previously, but change the filter mapping from /* to /default.jsp. >>> >>> This configuration is working 100% with JIRA 7 for us on our test server. >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3073afd7-864f-4bdf-ab33-2cefd33f7776%40apereo.org.
Re: [cas-user] CAS for Jira 7
Hi Marco, We are experience the same issues with the CAS integration as well. We did put together some instructions on modifying / updating the seraph-config.xml and web.xml files, and you can download the .JAR files we used here: https://bitbucket.org/mbrown_ascend/jira-cas-integration/downloads/. Although I'm not sure how to fix those issues other than adding "/*" instead of default.jsp in the filter mapping for the CasSingleSignOutFilter, CasAuthenticationFilter, and CasValidationFilter. By adding /* though, it breaks the Dashboard all over again and the _MSG error appear. Hope this helps a little, but we are also experiencing the same issue. Mike On Thursday, April 27, 2017 at 5:09:59 AM UTC-4, Marco Osorio wrote: > > Hello, > I have a problem with jira + cas authentication. I've followed the setup > instructions that come up with two things. > 1. In the web.xml configuration, if I comment the CasValidationFilter > filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS > takes me to the DashBoard but the login widget keeps appearing without > content and does not allow me to visualize anything else, as if I was > waiting to validate the login. > 2. If I activate the CasValidationFilter filter, when authenticating with > CAS, it generates a double ticket validation error with this trace: > Org.jasig.cas.client.validation.TicketValidationException: > Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not recognized > > The versions of cas-client-core-3.2.1.jar and > cas-client-integration-atlassian-3.4.2.jar libraries > Is there any missing configuration changes to avoid this double ticket > validation? > Thank you > > El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt escribió: >> >> I've created a pull request for a new Jira7CasAuthenticator at >> https://github.com/apereo/java-cas-client/pull/197 >> >> There is example seraph-config.xml code in the comment. Using this >> authenticator, you do not need any servlet filter updates in web.xml to get >> SSO. >> >> If you want single sign-out support you should still include those >> filters and handlers. >> If you want transparent SSO at your default URL (instead of seeing the >> login page and having to click 'Login'), use the CasAuthenticationFilter i >> listed previously, but change the filter mapping from /* to /default.jsp. >> >> This configuration is working 100% with JIRA 7 for us on our test server. >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e972f26c-9c62-4dd3-a222-eca6817cf95a%40apereo.org.
Re: [cas-user] CAS for Jira 7
Hello, I have a problem with jira + cas authentication. I've followed the setup instructions that come up with two things. 1. In the web.xml configuration, if I comment the CasValidationFilter filter, JIRA v7.3.1 starts correctly if errors. When authentic with CAS takes me to the DashBoard but the login widget keeps appearing without content and does not allow me to visualize anything else, as if I was waiting to validate the login. 2. If I activate the CasValidationFilter filter, when authenticating with CAS, it generates a double ticket validation error with this trace: Org.jasig.cas.client.validation.TicketValidationException: Ticket 'ST-380-eMVDywffQFkJ0W6DYY5f-DVMAPL207' not recognized The versions of cas-client-core-3.2.1.jar and cas-client-integration-atlassian-3.4.2.jar libraries Is there any missing configuration changes to avoid this double ticket validation? Thank you El viernes, 9 de diciembre de 2016, 23:04:05 (UTC+1), Jason Hitt escribió: > > I've created a pull request for a new Jira7CasAuthenticator at > https://github.com/apereo/java-cas-client/pull/197 > > There is example seraph-config.xml code in the comment. Using this > authenticator, you do not need any servlet filter updates in web.xml to get > SSO. > > If you want single sign-out support you should still include those filters > and handlers. > If you want transparent SSO at your default URL (instead of seeing the > login page and having to click 'Login'), use the CasAuthenticationFilter i > listed previously, but change the filter mapping from /* to /default.jsp. > > This configuration is working 100% with JIRA 7 for us on our test server. > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e971739d-860a-48c6-92ca-35fd4bf380d4%40apereo.org.
Re: [cas-user] CAS for Jira 7
I've created a pull request for a new Jira7CasAuthenticator at https://github.com/apereo/java-cas-client/pull/197 There is example seraph-config.xml code in the comment. Using this authenticator, you do not need any servlet filter updates in web.xml to get SSO. If you want single sign-out support you should still include those filters and handlers. If you want transparent SSO at your default URL (instead of seeing the login page and having to click 'Login'), use the CasAuthenticationFilter i listed previously, but change the filter mapping from /* to /default.jsp. This configuration is working 100% with JIRA 7 for us on our test server. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/82d5523b-a8e1-4e27-afdc-7268034174e3%40googlegroups.com.
Re: [cas-user] CAS for Jira 7
In seraph-config.xml, the only difference from the Apereo documentation was using Jira44CasAuthenticator instead of JiraCasAuthenticator. In web.xml, i used config that worked with the Soulwing CAS client in earlier JIRA versions. We have to add a single sign-out filter, an authentication filter, and a ticket validation filter. The filters are added just before the JiraLastFilter: CasSingleSignOutFilter org.jasig.cas.client.session.SingleSignOutFilter CasAuthenticationFilter org.jasig.cas.client.authentication.AuthenticationFilter casServerLoginUrl https://auth.alterscrap.com/cas/login serverName https://jira-test.alterscrap.com/ CasValidationFilter org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter casServerUrlPrefix https://auth.alterscrap.com/cas serverName https://jira-test.alterscrap.com/ redirectAfterValidation true We then have to apply the filters via filter-mappings. These are inserted just before the login filter-mapping: CasSingleSignOutFilter /* CasAuthenticationFilter /* CasValidationFilter /* Lastly, we need the single sign-out listener. This gets added at the end of the listener list: org.jasig.cas.client.session.SingleSignOutHttpSessionListener That should be it! As i said, this is VERY preliminary, and we're having problems with the server callbacks failing (and have no errors in the logs), but this should get you started. I'll post an update if i figure out our remaining issues. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b8ee2614-154d-4d8f-a5b3-a6935a3ef358%40googlegroups.com.
Re: [cas-user] CAS for Jira 7
Yes please! Thank you for responding even though my post is so old. :) Andy On Wed, 7 Dec 2016, Jason Hitt wrote: We use CAS authentication for JIRA. Our only problem so far with JIRA 7 is the server-to-server communications. We get the *__MSG_gadget.favourite.filters.title__* gadget titles. I believe it's because the server self-connections are supposed to bypass authentication and CAS isn't allowing it, but I haven't diagnosed it that far yet (we just started testing the upgrade this week). If you still need any help getting CAS started on JIRA 7, let me know and i'll be happy to post our config changes. On Thursday, August 4, 2016 at 1:28:21 PM UTC-5, morgan wrote: Does anyone use CAS authentication for Jira? I'm guessing something has changed between Jira versions. Does Atlassian provide documentation about plugging in alternate authentication methods? I could provide more information about our configuration attempt if it would help. Thanks, Andy On Fri, 29 Jul 2016, Andrew Morgan wrote: I'm trying to configure Jira v7.1.6 to use CAS. I followed the docs at: https://github.com/apereo/java-cas-client#atlassian-integration and I used the Jira44CasAuthenticator as documented on the old jasig wiki page. However, Jira doesn't seem to be using the CAS login. When I click on Jira's Log In link in the upper-right corner, I'm successfully authenticated with CAS (ticket is validated), but CAS never "sees" that I'm logged in. I assume this means that something in the way Jira hooks into CAS is missing... Does anyone know if the Java CAS Client works with Jira v7? Thanks, Andy -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3a9b64f6-cab5-43d0-9f8d-4f735abe153a%40apereo.org.
Re: [cas-user] CAS for Jira 7
We use CAS authentication for JIRA. Our only problem so far with JIRA 7 is the server-to-server communications. We get the *__MSG_gadget.favourite.filters.title__* gadget titles. I believe it's because the server self-connections are supposed to bypass authentication and CAS isn't allowing it, but I haven't diagnosed it that far yet (we just started testing the upgrade this week). If you still need any help getting CAS started on JIRA 7, let me know and i'll be happy to post our config changes. On Thursday, August 4, 2016 at 1:28:21 PM UTC-5, morgan wrote: > > Does anyone use CAS authentication for Jira? I'm guessing something has > changed between Jira versions. Does Atlassian provide documentation about > plugging in alternate authentication methods? I could provide more > information about our configuration attempt if it would help. > > Thanks, > Andy > > On Fri, 29 Jul 2016, Andrew Morgan wrote: > > > I'm trying to configure Jira v7.1.6 to use CAS. I followed the docs at: > > > > https://github.com/apereo/java-cas-client#atlassian-integration > > > > and I used the Jira44CasAuthenticator as documented on the old jasig > wiki > > page. > > > > However, Jira doesn't seem to be using the CAS login. When I click on > Jira's > > Log In link in the upper-right corner, I'm successfully authenticated > with > > CAS (ticket is validated), but CAS never "sees" that I'm logged in. > > > > I assume this means that something in the way Jira hooks into CAS is > > missing... > > > > Does anyone know if the Java CAS Client works with Jira v7? > > > > Thanks, > > Andy > > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3a9b64f6-cab5-43d0-9f8d-4f735abe153a%40apereo.org.
Re: [cas-user] CAS for Jira 7
Does anyone use CAS authentication for Jira? I'm guessing something has changed between Jira versions. Does Atlassian provide documentation about plugging in alternate authentication methods? I could provide more information about our configuration attempt if it would help. Thanks, Andy On Fri, 29 Jul 2016, Andrew Morgan wrote: I'm trying to configure Jira v7.1.6 to use CAS. I followed the docs at: https://github.com/apereo/java-cas-client#atlassian-integration and I used the Jira44CasAuthenticator as documented on the old jasig wiki page. However, Jira doesn't seem to be using the CAS login. When I click on Jira's Log In link in the upper-right corner, I'm successfully authenticated with CAS (ticket is validated), but CAS never "sees" that I'm logged in. I assume this means that something in the way Jira hooks into CAS is missing... Does anyone know if the Java CAS Client works with Jira v7? Thanks, Andy