JIRA + AJP + REMOTE_USER - how do I get rid of the login screen?
Graham Leggett
minfrin at sharp.fm
Thu Mar 19 09:59:52 EDT 2015
On 19 Mar 2015, at 3:48 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> That's not code we support, and I probably should have changed the package
> names before I let it out. I donated it as a favor to Kevin.
>
> Lots of it dates from other people creating a monster of a plugin for
> confluence, and I mostly just keep it working for my purposes at this
> point. The code is a disaster, so if it ever moved into "supported by me"
> mode, it would have to be rewritten.
I for one am grateful this code exists :)
> However, that said, the Jira I run has that property commented out, and we
> don't allow local login, and it's not been a problem. There are some
> places where the login UI does appear unavoidably because Jira is not well
> designed for this, but basic login up front works.
>
> So I don't really know if that code is different than what I use, or
> whatever, but we seem to have the username coming from REMOTE_USER
> successfully.
Apache httpd has directives such as http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html#authldapremoteuserattribute and http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslusername which allow the REMOTE_USER to be set out the box in cases where single sign on and/or certificates are being used, and JIRA has always historically been a pain to support in this environment.
I wrote the http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html#authbasicfake functionality primarily to support JIRA and Confluence in an environment where it was 100% certificates and all the passwords were “password”, but in this case I have a system with LDAP integration, so fiddling with passwords is off the cards.
Regards,
Graham
—
More information about the users
mailing list