Bamboo 9: RemoteDirectory findUserByName fails because encrypted password

Bamboo Development
, , ,
1

Hi,

as part of our SAML SSO app, we allow to search for users in remote directories and trigger an update if we were able to find them.

Since Bamboo 9, when calling findUserByName on the Authoritative Directory, the lookup fails because of invalid credentials:

com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate

The code looks like this:

Directory directory = directoryManager.findDirectoryById(458758);
RemoteDirectory remoteDirectory = directoryInstanceLoader.getDirectory(directory);
RemoteDirectory authoritativeDirectory = remoteDirectory.getAuthoritativeDirectory();

User remoteUser = authoritativeDirectory.findUserByName("remote-jira-user");

We tried to debug this and saw two things:

  1. When called from within our app, the directory password is encrypted, it starts with “BAMSCR…” and the code fails. We assume it fails because of the encrypted password.

  2. But when called from an Arquillian test, the directory password is not encrypted and it works.

We would like to know how we can call findUserByName from within our app, such that the remote lookup works again or any alternatives that work for our use case.

Best regards,
Christopher

1 Like
3

@chrschommer Is it just this method (findUserByName) that fails with this auth error, or do calls to other methods also throw the same error?

4

Hi @nmansilla , I got the same result with findUserWithAttributesByName . We have created a ticket with DevHelp in the meantime

5

We were able to fix it together with the Atlassian Dev support.

The problem was that we used CrowdDirectoryService#findAllDirectories to get all directories. However, there is a bug and the directories are not returned correctly.

We have switched to DirectoryManager#findAllDirectories as a workaround.

1 Like
6

One small addition. The workaround from my previous answer broke some of our Confluence oldest integration tests. Thus, we switched to a solution that uses the DirectoryManager only for Bamboo, and for the other products, we still use the DirectoryCrowdService

1 Like