Custom Seraph Authenticator - Keycloak

Hi!

I'm getting confused recently about writing a custom Seraph authenticator for JIRA.

  • I installed the Keycloak adapters for Jira's Tomcat,

  • edited the valve in context.xml,

  • modified Jira's web.xml with security constraints,

which leads to getting redirected from our protected resource (Jira) to Keycloak for authentication. Unfortunately Seraph can't interpret the cookie we get from Keycloak, and the com.atlassian.jira.security.login.SSOSeraphAuthenticator seems to only work with CROWD; we need a custom authenticator class.

Following the instructions in Seraph's documentation, I'm not sure whether to extend Jira's DefaultAuthenticator class or whatever I've got to provide to Seraph that lets me log in. Probably need to get the credentials Seraph needs out of the Keycloak token that gets sent with the browser request?

If anyone who is familiar with authenticators and/or especially Jira's Seraph could provide any additional information or examples, it would be very much appreciated! =)

Thanks in advance,

stronator

If anyone is interested in doing this, here’s how it works:

Write a custom Authenticator class which extends the JiraSeraphAuthenticator to use your SSO-product specific cookie/token/header/whatever.

With Keycloak you can access your different tokens via the KeycloakSecurityContext. The ID token is the one you typically get the user's information from, to start the session on his behalf.
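
A sketch of the approach described in the post above, added as an example and not code from any poster in this thread or from Atlassian or Keycloak. The package and class name `KeycloakSeraphAuthenticator` are hypothetical. It assumes the Keycloak Tomcat adapter valve has already validated the tokens and stored the `KeycloakSecurityContext` as a request attribute, that the token's `preferred_username` matches the Jira username, and a Jira version still on the `javax.servlet` API.

```java
package com.example.sso; // hypothetical package

import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.IDToken;

import com.atlassian.jira.security.login.JiraSeraphAuthenticator;

// Hypothetical class name; register it in seraph-config.xml.
public class KeycloakSeraphAuthenticator extends JiraSeraphAuthenticator {

    @Override
    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {
        // Reuse a user that Seraph already bound to this HTTP session.
        HttpSession existing = request.getSession(false);
        if (existing != null && existing.getAttribute(LOGGED_IN_KEY) instanceof Principal) {
            return (Principal) existing.getAttribute(LOGGED_IN_KEY);
        }

        // Trust only the context placed on the request by the adapter valve,
        // which has verified the token signature and expiry. Never derive the
        // user from a raw cookie or header that a client could set itself.
        Object attr = request.getAttribute(KeycloakSecurityContext.class.getName());
        if (!(attr instanceof KeycloakSecurityContext)) {
            return null; // not authenticated by Keycloak: stay anonymous
        }
        IDToken idToken = ((KeycloakSecurityContext) attr).getIdToken();
        if (idToken == null) {
            return null; // e.g. bearer-only request without an ID token
        }
        String username = idToken.getPreferredUsername();
        if (username == null || username.isEmpty()) {
            return null;
        }

        // Inherited lookup against Jira's user directory; null if unknown.
        Principal user = getUser(username);
        if (user == null) {
            return null; // fail closed: no implicit account creation here
        }

        // Start the Seraph session on the user's behalf.
        HttpSession session = request.getSession(true);
        session.setAttribute(LOGGED_IN_KEY, user);
        session.setAttribute(LOGGED_OUT_KEY, null);
        return user;
    }
}
```

Seraph loads the class named in the `class` attribute of the `<authenticator>` element in seraph-config.xml, so that attribute has to point at the custom class in place of the stock authenticator.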

Were you able to figure this out? Trying to integrate Jira with Keycloak currently. I have the Tomcat/Keycloak adapters, just not sure of the Seraph code to register and use this adapter inside of Seraph.