Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
It looks like currently we can:
- Create a new crowd session/token (login to Crowd through Drupal).
- Check whether a crowd token is active (to auto SSO login when a token has already been set)
but we do not:
- Create a session and cookie that is compatible with other Atlassian tools. The cookie is not being set in a compatible way nor are the Crowd "validation factors" being set correctly. This means that a session started via Drupal will not be usable by non-Drupal tools that also connect to crowd (specifically the Crowd Console)
- Full validate a crowd token. At the moment we only check if a Crowd token is "active", but we do not fully validate it (check against other "validation factors", such as remote IP), which seems to be a standard practice for other Atlassian tools
I suppose these may be 2 separate issues, but they are indeed related. I'm looking into this and could probably produce a patch at some point soon. Regardless it would be interesting to hear from an existing maintainer if any of these missing bits of functionality were perhaps actually by design?
Comments
Comment #1
rjacobs CreditAttribution: rjacobs commentedAlright, as I look at this I think it's going to be simpler to separate this into 2 issues. For now I have just been focusing on making it possible for Drupal to set and session and cookie that other Crowd apps (such as the Crowd Console) will honor. The mainly entails some changes to the way setcookie() is used, the way the cookie is named and the way validation factors are set in the authorize() service call. The notes at https://answers.atlassian.com/questions/123130/sso-between-confluence-an... were particularly helpful is sorting this out.
Patches are attached for D6 and D7.
Comment #2
rjacobs CreditAttribution: rjacobs commentedNote that the patches in #1 will also address the problem from #1698440: Special characters in usernames or passwords cause xml errors, so I marked that as a dup pointing to this issue.
Also note that these patches may not apply cleanly until the "super patches" from #1716078: Consolidate a common space and status for this integration effort are applied.
Comment #3
rjacobs CreditAttribution: rjacobs commentedThis is just a quick re-roll to make sure this patch still applies cleanly after the modified patches being discussed in #1716078: Consolidate a common space and status for this integration effort are applied. Also, this is just for D7 as I think it's best to wait to post a D6 fix until something is committed for D7.
Comment #4
rjacobs CreditAttribution: rjacobs commentedThis is now committed in http://drupalcode.org/project/crowd.git/commit/23dd4ba
Just needs backport now.
Comment #5
rjacobs CreditAttribution: rjacobs commentedOk, backport committed:
http://drupalcode.org/project/crowd.git/commit/cad4c79
Comment #6.0
(not verified) CreditAttribution: commentedtypo