| Expand |
|---|
| title | Show Page Tree structure |
|---|
|
|
Kantega SSO Enterprise allows you to authenticate REST clients with Kerberos. The feature is disabled by default as it can interfere with existing integration. Note that you can specify URL paths, IP ranges and user agents to restrict Kerberos from triggering in unwanted situations.
...
| Code Block |
|---|
|
# remove# Insert your Jira instance URL and ticket ID
$instanceUrl = "" # Example: "https://jira-dev.example.com"
$ticketId = "" # Example: "TEST-1"
# Login page URL
$loginUrl = "$instanceUrl/login.jsp"
# REST resource URL
$restResource = "$instanceUrl/rest/api/2/issue/$ticketId"
# User-Agent
$useragent = "Windows NT"
# Remove all existing kerberos tickets. This is done just to illustrate
# how the Invoke-WebRequest below requests a Kerberos ticket from AD
klist purge
# listList all existing Kerberos tickets for this user. This should now be none.
klist
# loginGet pagea URLvalid $loginUrlweb = "https://confluence.example.com/login.action"
# rest resource URL
$restResource = "https://confluence.example.com/rest/api/content/38109187"
# User-Agent
$useragent = "Windows NT"
# Get a valid web sessionsession and print only the status code
$response = Invoke-WebRequest -UseDefaultCredentials -Uri $loginUrl -UserAgent $useragent -SessionVariable websession
Write-Output $response.StatusCode
# Invoke the REST request
Invoke-RestMethod -Method GET -Uri $restResource -UserAgent $useragent -WebSession $websession
# listList all existing Kerberos tickets for this user which now should be
# typically two that were created if the Invoke-WebRequest worked
klist
|
Python
| Code Block |
|---|
|
import requests
from requests_kerberos import HTTPKerberosAuth, OPTIONAL
def test_kerberos_auth_with_python(base_url: str, issue_id: str):
endpoint = f"https://{base_url}/rest/api/2/issue/{issue_id}"
# Send the request
response = requests.get(endpoint, auth=HTTPKerberosAuth(mutual_authentication=OPTIONAL), verify=False)
# Print the response
if response.status_code == 200:
print(f"Success: {response.status_code}")
print(f"Response: {response.content}")
else:
print(f"Failed: {response.status_code}")
print(f"Response: {response.text}")
# Insert your Jira instance URL and issue ID
instance_url = "" # Example: "https://jira-dev.example.com"
issue_id = "" # Example: "TEST-1"
test_kerberos_auth_with_python(instance_url, issue_id) |
...
| Code Block |
|---|
|
using System.Net;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
using RestSharp;
class Program {
static void getJiraTicket(string instanceUrl, string ticketId) {
var handler = new HttpClientHandler {
// Uncomment the line below if the Jira instance is using a self-signed certificate
// ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true,
UseDefaultCredentials = true
};
var options = new RestClientOptions(instanceUrl + "/rest/api/") {
ConfigureMessageHandler = _ => handler,
Credentials = CredentialCache.DefaultCredentials
};
RestClient Client = new RestClient(options);
var request = new RestRequest("2/issue/" + ticketId);
var response = Client.Execute(request);
if(response.StatusCode != HttpStatusCode.OK) {
Console.WriteLine("Error: " + response.StatusCode);
Console.WriteLine("ErrorMessage: " + response.ErrorMessage);
Console.WriteLine("ErrorException: " + response.ErrorException);
return;
}
else {
Console.WriteLine("Success: " + response.StatusCode);
Console.WriteLine("Content: " + response.Content);
}
}
static void Main(string[] args) {
// Replace the values below with your Jira instance URL and ticket ID
string instanceUrl = ""; // Example: "https://jira-dev.example.com"
string ticketId = ""; // Example: "TEST-1"
getJiraTicket(instanceUrl, ticketId);
}
} |