CAS for Jira 7 redirects to Jira login page after successful SSO login

up vote
0
down vote

favorite

What I am trying to do is integrating Jira 7.12.3 with a SSO server using the Apereo Java CAS Client.

I followed this guide and got the two needed jars from here.

I have integrated CAS with JIRA like described there, but when I open jira, the user is redirected to /secure/Dashboard.jspa (the jira login page). By clicking login in the top right corner the cas page is opening, but after logging in successfully the user is redirected back to the JIRA login page and the user is still not logged in here. Can anyone help me to fix this?

Here the configs I've added:

web.xml:

<!-- CAS FILTER -->

<filter>

  <filter-name>CasSingleSignOutFilter</filter-name>

  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

  <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

</filter>

<filter>

 <filter-name>CasAuthenticationFilter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

 <init-param>

 <param-name>casServerLoginUrl</param-name>

 <param-value>https://[sso url]/login</param-value>

 </init-param>

 <init-param>

   <param-name>serverName</param-name>

   <param-value>http://localhost:8080/</param-value>

 </init-param>

</filter>

<filter>

   <filter-name>CasValidationFilter</filter-name>

   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

   <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

   <init-param>

       <param-name>serverName</param-name>

       <param-value>http://localhost:8080/</param-value>

   </init-param>

   <init-param>

       <param-name>redirectAfterValidation</param-name>

       <param-value>true</param-value>

   </init-param>

</filter>

<!-- Just before the last filter in the defined chain -->



<!-- CAS - Java Client Filter Mappings --> 

<filter-mapping>

   <filter-name>CasSingleSignOutFilter</filter-name>

   <url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasAuthenticationFilter</filter-name>

    <url-pattern>/default.jsp</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasValidationFilter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>



<!-- CAS:START - Java Client Single Sign Out Listener -->

<listener>

    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- CAS:END -->

seraph-config.xml:

<init-param>

   <param-name>login.url</param-name>

        <!--<param-value>/login.jsp?permissionViolation=true&amp;os_destination=${originalurl}&amp;page_caps=${pageCaps}&amp;user_role=${userRole}</param-value>-->

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

</init-param>

<init-param>

   <param-name>link.login.url</param-name>

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

 </init-param>

 <init-param>

    <param-name>logout.url</param-name>

    <!--<param-value>/secure/Logout!default.jspa</param-value>-->

    <param-value>https://[sso url]/logout</param-value>

 </init-param>



 <!-- Inserted this Authenticator instead of JiraSeraphAuthenticator -->

<authenticator class="org.jasig.cas.client.integration.atlassian.Jira7CasAuthenticator">

    <init-param>

        <param-name>casServerUrlPrefix</param-name>

        <param-value>https://[sso url]</param-value>

    </init-param>

    <init-param>

        <param-name>serverName</param-name>

        <param-value>http://localhost:8080</param-value>

    </init-param>

</authenticator>

Thanks in advance for any help!

asked Oct 30 at 15:14

Tobias Riegel

add a comment |

up vote
0
down vote

favorite

What I am trying to do is integrating Jira 7.12.3 with a SSO server using the Apereo Java CAS Client.

I followed this guide and got the two needed jars from here.

Here the configs I've added:

web.xml:

<!-- CAS FILTER -->

<filter>

  <filter-name>CasSingleSignOutFilter</filter-name>

  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

  <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

</filter>

<filter>

 <filter-name>CasAuthenticationFilter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

 <init-param>

 <param-name>casServerLoginUrl</param-name>

 <param-value>https://[sso url]/login</param-value>

 </init-param>

 <init-param>

   <param-name>serverName</param-name>

   <param-value>http://localhost:8080/</param-value>

 </init-param>

</filter>

<filter>

   <filter-name>CasValidationFilter</filter-name>

   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

   <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

   <init-param>

       <param-name>serverName</param-name>

       <param-value>http://localhost:8080/</param-value>

   </init-param>

   <init-param>

       <param-name>redirectAfterValidation</param-name>

       <param-value>true</param-value>

   </init-param>

</filter>

<!-- Just before the last filter in the defined chain -->



<!-- CAS - Java Client Filter Mappings --> 

<filter-mapping>

   <filter-name>CasSingleSignOutFilter</filter-name>

   <url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasAuthenticationFilter</filter-name>

    <url-pattern>/default.jsp</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasValidationFilter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>



<!-- CAS:START - Java Client Single Sign Out Listener -->

<listener>

    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- CAS:END -->

seraph-config.xml:

<init-param>

   <param-name>login.url</param-name>

        <!--<param-value>/login.jsp?permissionViolation=true&amp;os_destination=${originalurl}&amp;page_caps=${pageCaps}&amp;user_role=${userRole}</param-value>-->

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

</init-param>

<init-param>

   <param-name>link.login.url</param-name>

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

 </init-param>

 <init-param>

    <param-name>logout.url</param-name>

    <!--<param-value>/secure/Logout!default.jspa</param-value>-->

    <param-value>https://[sso url]/logout</param-value>

 </init-param>



 <!-- Inserted this Authenticator instead of JiraSeraphAuthenticator -->

<authenticator class="org.jasig.cas.client.integration.atlassian.Jira7CasAuthenticator">

    <init-param>

        <param-name>casServerUrlPrefix</param-name>

        <param-value>https://[sso url]</param-value>

    </init-param>

    <init-param>

        <param-name>serverName</param-name>

        <param-value>http://localhost:8080</param-value>

    </init-param>

</authenticator>

Thanks in advance for any help!

asked Oct 30 at 15:14

Tobias Riegel

add a comment |

up vote
0
down vote

favorite

What I am trying to do is integrating Jira 7.12.3 with a SSO server using the Apereo Java CAS Client.

I followed this guide and got the two needed jars from here.

Here the configs I've added:

web.xml:

<!-- CAS FILTER -->

<filter>

  <filter-name>CasSingleSignOutFilter</filter-name>

  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

  <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

</filter>

<filter>

 <filter-name>CasAuthenticationFilter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

 <init-param>

 <param-name>casServerLoginUrl</param-name>

 <param-value>https://[sso url]/login</param-value>

 </init-param>

 <init-param>

   <param-name>serverName</param-name>

   <param-value>http://localhost:8080/</param-value>

 </init-param>

</filter>

<filter>

   <filter-name>CasValidationFilter</filter-name>

   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

   <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

   <init-param>

       <param-name>serverName</param-name>

       <param-value>http://localhost:8080/</param-value>

   </init-param>

   <init-param>

       <param-name>redirectAfterValidation</param-name>

       <param-value>true</param-value>

   </init-param>

</filter>

<!-- Just before the last filter in the defined chain -->



<!-- CAS - Java Client Filter Mappings --> 

<filter-mapping>

   <filter-name>CasSingleSignOutFilter</filter-name>

   <url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasAuthenticationFilter</filter-name>

    <url-pattern>/default.jsp</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasValidationFilter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>



<!-- CAS:START - Java Client Single Sign Out Listener -->

<listener>

    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- CAS:END -->

seraph-config.xml:

<init-param>

   <param-name>login.url</param-name>

        <!--<param-value>/login.jsp?permissionViolation=true&amp;os_destination=${originalurl}&amp;page_caps=${pageCaps}&amp;user_role=${userRole}</param-value>-->

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

</init-param>

<init-param>

   <param-name>link.login.url</param-name>

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

 </init-param>

 <init-param>

    <param-name>logout.url</param-name>

    <!--<param-value>/secure/Logout!default.jspa</param-value>-->

    <param-value>https://[sso url]/logout</param-value>

 </init-param>



 <!-- Inserted this Authenticator instead of JiraSeraphAuthenticator -->

<authenticator class="org.jasig.cas.client.integration.atlassian.Jira7CasAuthenticator">

    <init-param>

        <param-name>casServerUrlPrefix</param-name>

        <param-value>https://[sso url]</param-value>

    </init-param>

    <init-param>

        <param-name>serverName</param-name>

        <param-value>http://localhost:8080</param-value>

    </init-param>

</authenticator>

Thanks in advance for any help!

asked Oct 30 at 15:14

Tobias Riegel

What I am trying to do is integrating Jira 7.12.3 with a SSO server using the Apereo Java CAS Client.

I followed this guide and got the two needed jars from here.

Here the configs I've added:

web.xml:

<!-- CAS FILTER -->

<filter>

  <filter-name>CasSingleSignOutFilter</filter-name>

  <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>

  <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

</filter>

<filter>

 <filter-name>CasAuthenticationFilter</filter-name>

<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>

 <init-param>

 <param-name>casServerLoginUrl</param-name>

 <param-value>https://[sso url]/login</param-value>

 </init-param>

 <init-param>

   <param-name>serverName</param-name>

   <param-value>http://localhost:8080/</param-value>

 </init-param>

</filter>

<filter>

   <filter-name>CasValidationFilter</filter-name>

   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

   <init-param>

       <param-name>casServerUrlPrefix</param-name>

       <param-value>https://[sso url]</param-value>

   </init-param>

   <init-param>

       <param-name>serverName</param-name>

       <param-value>http://localhost:8080/</param-value>

   </init-param>

   <init-param>

       <param-name>redirectAfterValidation</param-name>

       <param-value>true</param-value>

   </init-param>

</filter>

<!-- Just before the last filter in the defined chain -->



<!-- CAS - Java Client Filter Mappings --> 

<filter-mapping>

   <filter-name>CasSingleSignOutFilter</filter-name>

   <url-pattern>/*</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasAuthenticationFilter</filter-name>

    <url-pattern>/default.jsp</url-pattern>

</filter-mapping>

<filter-mapping>

    <filter-name>CasValidationFilter</filter-name>

    <url-pattern>/*</url-pattern>

</filter-mapping>



<!-- CAS:START - Java Client Single Sign Out Listener -->

<listener>

    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>

</listener>

<!-- CAS:END -->

seraph-config.xml:

<init-param>

   <param-name>login.url</param-name>

        <!--<param-value>/login.jsp?permissionViolation=true&amp;os_destination=${originalurl}&amp;page_caps=${pageCaps}&amp;user_role=${userRole}</param-value>-->

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

</init-param>

<init-param>

   <param-name>link.login.url</param-name>

        <param-value>https://[sso url]/login?service=${originalurl}</param-value>

 </init-param>

 <init-param>

    <param-name>logout.url</param-name>

    <!--<param-value>/secure/Logout!default.jspa</param-value>-->

    <param-value>https://[sso url]/logout</param-value>

 </init-param>



 <!-- Inserted this Authenticator instead of JiraSeraphAuthenticator -->

<authenticator class="org.jasig.cas.client.integration.atlassian.Jira7CasAuthenticator">

    <init-param>

        <param-name>casServerUrlPrefix</param-name>

        <param-value>https://[sso url]</param-value>

    </init-param>

    <init-param>

        <param-name>serverName</param-name>

        <param-value>http://localhost:8080</param-value>

    </init-param>

</authenticator>

Thanks in advance for any help!

single-sign-on jira cas atlassian jasig

asked Oct 30 at 15:14

Tobias Riegel

asked Oct 30 at 15:14

Tobias Riegel

asked Oct 30 at 15:14

Tobias Riegel

asked Oct 30 at 15:14

Tobias Riegel

asked Oct 30 at 15:14

Tobias Riegel

add a comment |

1 Answer
1

active

oldest

votes

up vote
0
down vote

accepted

The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.

Thought this might be helpful for others with a similar problem.

answered Nov 7 at 10:38

Tobias Riegel

add a comment |

Your Answer

StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});

}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53067495%2fcas-for-jira-7-redirects-to-jira-login-page-after-successful-sso-login%23new-answer', 'question_page');
}
);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

up vote
0
down vote

accepted

The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.

Thought this might be helpful for others with a similar problem.

answered Nov 7 at 10:38

Tobias Riegel

add a comment |

up vote
0
down vote

accepted

The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.

Thought this might be helpful for others with a similar problem.

answered Nov 7 at 10:38

Tobias Riegel

add a comment |

up vote
0
down vote

accepted

The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.

Thought this might be helpful for others with a similar problem.

answered Nov 7 at 10:38

Tobias Riegel

The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.

Thought this might be helpful for others with a similar problem.

answered Nov 7 at 10:38

Tobias Riegel

answered Nov 7 at 10:38

Tobias Riegel

answered Nov 7 at 10:38

Tobias Riegel

answered Nov 7 at 10:38

Tobias Riegel

add a comment |

draft saved

draft discarded

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Wsrtjtyk