How do I disable Stash's internal authentication and delegate that to an external entity e.g. Kerberos authentication on Apache?

'How Do I...' and 'How to...' Guide to Stash

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

The following information hasn't been tested.

While it is not possible to disable Stash's internal authentication it's possible for plugins to "participate" in it. Since both Trusted Apps and OAuth do this sort of special authentication and they're both implemented as plugins their functionality can be duplicated.

 

Look at the OAuthFilter as a starting point for building such a plugin, since it's open source:

- https://studio.atlassian.com/source/browse/OAUTH/trunk/service-provider-plugin/src/main/java/com/atlassian/oauth/serviceprovider/internal/servlet/OAuthFilter.java?r=111426
- https://studio.atlassian.com/source/browse/OAUTH/trunk/service-provider-plugin/src/main/resources/atlassian-plugin.xml?r=130342 (Specifically lines 94-99 show how to register the filter in the plugin framework. Note that your filter will need to be in both the REQUEST and FORWARD dispatchers for /scm, just like the OAuthFilter is for /*)

You will not need to use the AuthenticationListener (although you can) and you can opt to use UserService.preauthenticate instead for simplicity. UserService.preauthenticate was built specifically to support this type of "trusted connection" situation.

You may achieve all authentication with Stash to be done via Kerberos if you apply your filter to /* instead of /scm.

 

 

 

最終更新日: 2012 年 12 月 13 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.