Is it possible to connect to a private Jira Installation (on prem)?

[danielle]

HI, I have a on prem, installation of Jira, all my servers are local without connectivity outside of our firewall | how can I use shields ?

I would like to use total number of Jira/Issues open for specific projects. Stories, Bugs etc....
Current Sprint, and sprint completion and other details from Jira.

I believe this will require a fix similar to https://github.com/badges/shields/issues/1757 and Pull Request: https://github.com/badges/shields/pull/2598

Thanks for helping

[calebcartwright]

I feel there's two parts to this question

The first is related to the Jira badges we currently support. One of the best ways to discover the available badges is to utilize the search feature on the Shields.io website (textbox at the top of the page)

A quick search shows that we already provide a sprint completion progress/status badge, as well as a status badge for a given issue:

If you'd like to request additional badges, please utilize the corresponding issue template with the relevant information so that a maintainer or member of our community could potentially work on adding the requested badge.

The second item is about utilizing Shields with private/non-internet facing content. The Shields.io service is the main public deployment of the Shield server which is developed/maintained in this repository, and the Shields.io service is able to provide badges for public tools/projects that are themselves public and internet facing. The Shields.io service cannot provide badges for tools that it cannot reach (non-internet facing) and/or that require project/user scoped authorization.

In order to utilize Shields to get badges for private/non-internet facing tools you'll need to deploy your own Shields server, and that process is documented here (I personally recommend using the Docker image).

Basically, you'll want to deploy your own self-hosted Shields server within your same private network and, if your Jira server requires authentication, configure your Shields deployment with your Jira auth information (https://github.com/badges/shields/blob/master/doc/server-secrets.md#jira)

[calebcartwright]

Going to go ahead and close as it feels the question has been answered, though please feel free to follow up with any additional questions!

[danielle]

Thanks @calebcartwright, though I'm still having some challenges. I'm running the local instance using Docker as suggested. However, We use SSO through MS Azure authentication (using Crowd to integrate into Atlassian - I believe), which is causing some issues getting the self-hosting instance working while trying to connect and authenticate to my internal instance. Any suggestions or samples of how to configures would be great. Also, willing to connect on a call if that would be helpful.

[chris48s]

The only auth method we currently implement for JIRA is HTTP basic auth

[calebcartwright]

However, We use SSO through MS Azure authentication (using Crowd to integrate into Atlassian - I believe), which is causing some issues getting the self-hosting instance working while trying to connect and authenticate to my internal instance

I've got a similar setup, though with LDAP/AD and not AAD. Chris is correct that we only support basic auth, but I think you should still be able to utilize basic auth even with AAD as the backing identity store by using the corresponding UPN and pass of an account in your directory. AFAIK Jira Server still doesn't support the ability to completely disable basic auth (for better or worse) so once you've identified an account that should be usable for authentication.

It might be best to start simple and try issuing the request to your Jira server using curl or an http client like Postman, while including the auth header with your corresponding user/pass.

The issue API could be used for the test https://{{your-jira-url}}/rest/api/2/issue/{{some-jira-issue-key-the-account-is-authorized-to-access}}

e.g. (note Apache have their instance behind an extra path) https://issues.apache.org/jira/rest/api/2/issue/KAFKA-2896

Also note that in the configuration for your self-hosted Shields server you'll need to specify the allowed/permitted Jira endpoints in addition to the corresponding creds (this is required so that Shields server admins can ensure that the configured Jira creds are only sent to known/validated Jira endpoints) https://github.com/badges/shields/blob/master/doc/server-secrets.md#authorized-origins

With the Docker container approach for self-hosting, you may find it easier to provide these values as environment variables so you could do something like this (assuming env vars set from command line):

-e JIRA_USER=... -e JIRA_PASS=... -e JIRA_ORIGINS=https://your-jira-server-domain

You could also set these in the config yaml file if you prefer, and would refer to the previously provided documentation for more detail

Finally, setting the TRACE_SERVICES environment variable to true will result in more detailed output being available that may help you track down any issues in your setup

[paulmelnikow]

Hi @danielle I thought I would ask if you were interested in some paid support getting this working. Let me know if you are and we could try to work something out. If not, no worries at all!