lastpass / jira-saml Goto Github PK

According to the SAML specification it's not mandatory to have the "SessionOnOrAfter" attribute within the "AuthnStatement" though the plugin code checks for that. Add it by modifying the buildSAMLAssertion method in ResponseBuilder class.

java.lang.NullPointerException
org.opensaml.xml.signature.SignatureValidator.buildSignature(SignatureValidator.java:92)
org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:56)
com.lastpass.saml.SAMLClient.validate(SAMLClient.java:171)
com.lastpass.saml.SAMLClient.validateResponse(SAMLClient.java:429)
com.lastpass.jira.SAMLAuthenticator.getUser(SAMLAuthenticator.java:195)

Not sure what to do with jira.home.dir

Any chance this can be added to Jira addon directory?

Hello. Are there any plans to make an installer available for JIRA users that self-host on Windows? Perhaps a powershell script?

Thanks, Andrew.

The SSO URL constructor assumes the SSO base URL has no query. Patch below:

diff --git a/src/com/lastpass/jira/SAMLAuthenticator.java b/src/com/lastpass/jira/SAMLAuthenticator.java
index d2aa6ee..251deb5 100644
--- a/src/com/lastpass/jira/SAMLAuthenticator.java
+++ b/src/com/lastpass/jira/SAMLAuthenticator.java
@@ -128,8 +128,11 @@ public class SAMLAuthenticator extends JiraSeraphAuthenticator
         try {
             String authrequest = client.generateAuthnRequest(requestId);
             String url = client.getIdPConfig().getLoginUrl();
-            url = url +
-                "?SAMLRequest=" + URLEncoder.encode(authrequest, "UTF-8");
+            String sep = "?";
+            if (url.indexOf("?") > -1)
+                sep = "&";
+            url = url + sep +
+                "SAMLRequest=" + URLEncoder.encode(authrequest, "UTF-8");

             if (relayState != null)
                 url += "&RelayState=" + URLEncoder.encode(relayState, "UTF-8");

Hi.,

After install the plugin we are getting an issue when try to access to the ServiceDesk direct link when the user is not logged:

404null for uri: http://jira.example.com/rest/servicedesk/1/saml_login.jsp?os_destination=%2Fservicedesk%2Fcustomer%2Fportals

If the user is logged then everything is OK.

Regards

It appears SAMLAuthenticator.generatePassword(int) does not use the same probability for all chars:

There are 72 chars but a char is picked using effectively random(0, 255) % 72. Therefore the first 40 (= 256 % 72) chars are picked with a probability of 4/7, while the remaining 32 chars are picked with a probability of 3/7.

Though this is likely not that dramatic.