Thank you for this heads-up. Have you got projections on how this will behave on instances using a third-party add-on for authentication? Our add-ons are reliant on the servlet filter chain and the host application login page behavior in order to extend it for the functionality we are adding to the login experience.
Will this be a configurable opt-in experience, or will it take over in a future release of Data Center platform version x?
Also, any more details about the EAP? Where will we get access to this?
For example, I as a vendor might want to force an additional 2FA check on security sensitive parts of my app. Coincidentally we were discussing implementing this minutes before this announcement.
We intend adding 2SV for some parts of the admin panel in the future version. We could possibly consider making this feature available also to marketplace partners.
This is the main goal of the POC EAP we are preparing. The POC only includes the basic mechanism and is not a final solution. We gather this feedback to guarantee that the ultimate solution does not disrupt the authentication-related plugins.
It’s a new login page, however the change can affect plugins which depend on the current login page layout as well as plugins which intercept requests to the login page.
Absolutely, the EAP does not require Platform 7 and should work with all Jira and Confluence versions compatible with the 4.3.x version line of Atlassian’s SSO plugin - that’d be Jira 9.13.x and Confluence 8.8.x. I have successfully tested the plugin against Jira 9.13.0 and Confluence 8.8.0. This is not an exhaustive version list as the plugin seemed to work with Jira 9.12.1 as well. I have also successfully tested it with Jira 10.0 EAP 02 but I would not be surprised if it didn’t work with future Platform 7 EAPs.