Use login form for Jira even when SAML auth is primary

If you use SAML authentication as primary auth for Jira, but it malfunctions, you can still get in with a local account.

Use this URL: https://jira.example.com/login.jsp?auth_fallback. The auth_fallback parameter will skip the redirection for unauthenticated users.

How to enable this feature

You have to tell Jira to listen for this parameter. Hit this REST endpoint:

curl -vvv -X PUT https://jira.example.com/rest/authconfig/1.0/sso -H 'Content-Type: application/json' -d '{"allow-redirect-override": true}' -u 'internalapplications'

You can also append a colon and the password in the -u parameter.

Bonus content

Use the Announcement banner for a “Login with SSO” button, and even a redirection to the login form, if the user visits anything other than the login page while unauthenticated.

<script>
if(jQuery('#header-details-user-fullname').text().indexOf(" ")==-1 && window.location.href.indexOf("login.jsp")==-1)
{ window.location = "/login.jsp" }

if(window.location.href.indexOf("login.jsp") != -1) {
  jQuery(document).ready(function(){
    jQuery( "<a class='aui-button aui-button-primary' href='/plugins/servlet/external-login' id='SSOLogin' target='_parent' resolved=''>Use SSO Login</a>" ).insertAfter( '#login-form-submit' );
  });
}
</script>

jira login form for manual entry, with additional "Use SSO Login" button

References

Weblinks

  1. Bypass SAML authentication for Jira Data Center – Atlassian Documentation refers to a command that is not valid for Jira Software 8.7.1.
    curl -vvv -XPUT /rest/authconfig/1.0/saml -H 'Content-Type: application/json' -d '{"allow-saml-redirect-override": true}' -u admin_username

Other

Original research with REST API browser

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.