What I am trying to do is integrating Jira 7.12.3 with a SSO server using the Apereo Java CAS Client.
I followed this guide and got the two needed jars from here.
I have integrated CAS with JIRA like described there, but when I open jira, the user is redirected to /secure/Dashboard.jspa (the jira login page). By clicking login in the top right corner the cas page is opening, but after logging in successfully the user is redirected back to the JIRA login page and the user is still not logged in here. Can anyone help me to fix this?
Here the configs I've added:
web.xml:
<!-- CAS FILTER -->
<filter>
<filter-name>CasSingleSignOutFilter</filter-name>
<filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://[sso url]</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasAuthenticationFilter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerLoginUrl</param-name>
<param-value>https://[sso url]/login</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
</filter>
<filter>
<filter-name>CasValidationFilter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://[sso url]</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080/</param-value>
</init-param>
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Just before the last filter in the defined chain -->
<!-- CAS - Java Client Filter Mappings -->
<filter-mapping>
<filter-name>CasSingleSignOutFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasAuthenticationFilter</filter-name>
<url-pattern>/default.jsp</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CasValidationFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- CAS:START - Java Client Single Sign Out Listener -->
<listener>
<listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
</listener>
<!-- CAS:END -->
seraph-config.xml:
<init-param>
<param-name>login.url</param-name>
<!--<param-value>/login.jsp?permissionViolation=true&os_destination=${originalurl}&page_caps=${pageCaps}&user_role=${userRole}</param-value>-->
<param-value>https://[sso url]/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>https://[sso url]/login?service=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>logout.url</param-name>
<!--<param-value>/secure/Logout!default.jspa</param-value>-->
<param-value>https://[sso url]/logout</param-value>
</init-param>
<!-- Inserted this Authenticator instead of JiraSeraphAuthenticator -->
<authenticator class="org.jasig.cas.client.integration.atlassian.Jira7CasAuthenticator">
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>https://[sso url]</param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>http://localhost:8080</param-value>
</init-param>
</authenticator>
The problem was that I inserted my jira-url as "localhost:8080". Thus, my cas server was not able to uniquely identify the service via the service-parameter in the url.
Thought this might be helpful for others with a similar problem.