Control login tockens

  • Ivan Lopez
    # 1 week, 4 days ago

    Dears,

    We have a question about the integration of OAuth between Jira and our authentication server.

    Currently, when a user logs out of our authentication server, the user can continue using Jira even if the user is not authenticated in the authentication server.

    For us, this is a security problem due to one computer, and one windows user session, could be used by two different people.Is it possible to configure the Jira plugin to control if the user is currently log in into the authentication server? For example when the user enters to Jira┬┤s Dashboard or the customer portal.

    We are using Gluu Server as authentication server: https://www.gluu.org/

    Best regards.

    Shradha
    # 1 week, 3 days ago

    Hi Ivan,

    Thanks for getting in touch with us.

    It seems like your Authentication Server Logout Endpoint setting is missing in the plugin configurations, this is the reason when the user is trying to log out from JIRA, the user session still exists in Gluu Server and the user gets logged in again.

    To avoid this behavior you can simply configure Logout Endpoint in the plugin. With this, you will get logged out from JIRA as well as Gluu Server on logout request.

    Please contact your Gluu Server team for Logout Endpoint.

    Let me know if this helps.

    Thanks,
    Shradha

Viewing 2 posts - 1 through 2 (of 2 total)

Reply