This project impements a set of plugins for authenticating users through Cloudflare Access on Atlassian products.
Currently supported products are:
This instructions applies to all supported Atlassian products, installed locally.
If you are using Application Links like JIRA + Bitbucket or JIRA + Confluence, you need to setup the Bypassing Reverse Proxy applications link layout.
Symptoms:
Cause:
Solution:
Restart the application with cloudflareAccessPlugin.filters.disabled
flag set to true
and verify the plugin configuration against Cloudflare Access configuration.
To change the flag include the following in your system JAVA_OPTS
environment variable:
-DcloudflareAccessPlugin.filters.disabled=true
After updating your system JAVA_OPTS
restart the Atlassian application, you will be able to login with your application credentials and verify the configuration.
After verifying the configuration you should remove the flag and restart the application.
Symptoms:
Cause:
Most likely you have a reverse proxy in front of the applicatio with a small limit for uploading files.
Solution:
Check the browser network panel while uploading the plugin looking for 4xx
HTTP errors.
If you see a HTTP 413
, you need to increase the upload file size limit on your reverse proxy.
For NGINX see this.
Symptoms:
Cause:
JIRA requests some URL internally through HTTP. Using Access this requests will require authentication but JIRA does not provide any means of passing authentication for this requests.
Solution:
Go to your Cloudflare Access configuration and create a policy to bypass requests containing /rest/gadgets/
, example:
If your main policy path is
/jira
you should create a new one setting the path as/jira/rest/gadgets/
and containing a bypass policy for everyone.
Symptoms:
Cause:
Very likelly the macros plugin was unable to load the proper message bundles and cached the texts with placeholders.
Solution:
Symptoms:
2015-09-01 17:25:46.530585500 2015-09-01 07:25:46,530 ajp-nio-127.0.0.104-8009-exec-23 WARN anonymous 1045x1465x1 sibktb 127.0.0.1 /rest/auth/latest/session [c.a.p.r.c.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: https://example.domain/rest/auth/latest/session , origin: https://another-origin.domain , referrer: null , credentials in request: true , allowed via CORS: false}}
Cause:
REST calls are protected against Cross Site Request Forgery (CSRF) and as requests are proxied through Cloudflare, the REST calls will fail with similar messages on Atlassian products.
Solution:
Please refer to the following links for more details and how to fix this problem on your server:
The atlas-run
command currently is not copying the scheme defined on the base Tomcat when starting the application.
The solution is to configure the local proxy (Nginx/Apache) to set the Origin
header with a URL like http://<Your testing domain>
Also this leads to other CSRF checks where content is not returned, in that case is best to install and manage the Atlassian product manually.
Install the Atlassian SDK following instructions on Set up the Atlassian Plugin SDK and build a project.
To build the modules common
and base-plugin
:
atlas-mvn clean package -PnoProduct
To build all modules:
atlas-mvn clean package
The images below are available on Docker hub for development and testing.
These images are configured to:
These images do not have the plugin installed, it should be installed/updated after starting them.
I recommend having a reverse proxy in front of the Atlassian containers, with distinct paths forwarding to JIRA, Confluence and Bitbucket.
```
server {
listen 80 default_server;
server_name