Use login form for Jira even when SAML auth is primary
If you use SAML authentication as primary auth for Jira, but it malfunctions, you can still get in with a local account. Use this URL: https://jira.example.com/login.jsp?auth_fallback. The auth_fallback parameter will skip the redirection for unauthenticated users.
How to enable this feature
You have to tell Jira to listen for this parameter. Hit this REST endpoint:
curl -vvv -X PUT https://jira.example.com/rest/authconfig/1.0/sso -H 'Content-Type: application/json' -d '{"allow-redirect-override": true}' -u 'internalapplications'
You can also append a colon and the password in the -u parameter.
Bonus content
Use the Announcement banner for a "Login with SSO" button, and even a redirection to the login form, if the user visits anything other than the login page while unauthenticated.
<script>
if(jQuery('#header-details-user-fullname').text().indexOf(" ")==-1 && window.location.href.indexOf("login.jsp")==-1)
{ window.location = "/login.jsp" }
if(window.location.href.indexOf("login.jsp") != -1) {
jQuery(document).ready(function(){
jQuery( "<a class='aui-button aui-button-primary' href='/plugins/servlet/external-login' id='SSOLogin' target='_parent' resolved=''>Use SSO Login</a>" ).insertAfter( '#login-form-submit' );
});
}
</script>
References
Weblinks
-
Bypass SAML authentication for Jira Data Center - Atlassian Documentation refers to a command that is not valid for Jira Software 8.7.1.
curl -vvv -XPUT /rest/authconfig/1.0/saml -H 'Content-Type: application/json' -d '{"allow-saml-redirect-override": true}' -u admin_username
Other
Original research with REST API browser
Comments