Configuring an Atlassian Jira Software V2 Security Provider
Note: You can get familiar with how Coveo components deal with permissions on documents
both at indexing and query time
To configure a Jira Software V2 security provider
-
On the Coveo server, access the Administration Tool (see Opening the Administration Tool).
-
Select Configuration > Security.
-
In the navigation panel on the left, click Security Providers.
-
In the Security Providers page, click Add to create a new security provider.
-
In the Modify Security Provider page:
-
Configure the following required parameters:
-
Name
-
Choose a significant name to identify the security provider.
Example: Jira Software V2 Security Provider
-
Security Provider Type
-
Select Jira v2 (x64).
-
User Identity
-
Select the Jira Software V2 user identity that you created previously
-
Jira Web Service URL
-
Enter the address of your Jira Software (self-hosted) server. This should be the same address as the one you will also enter in the Addresses parameter of your source (see Configuring and Indexing an Atlassian Jira Software V2 Source). Enter your Jira Software server URL in the following format:
http://[JiraSoftwareServer]:[port]
Examples: http://jira.mycompany.com:8080
-
Security Provider
-
Select another security provider to allow the Jira Software security provider to map Jira Software accounts to another user type with which people are authenticated when they perform a search:
-
When the Jira Software LDAP is synchronized with an Active Directory, select the out-of-the-box Active Directory security provider to map Jira Software users to AD users.
-
CES 7.0.7814+ (August 2015) When an email is defined for all users in Jira Software and they are authenticated with this email when they perform a search in your CES search interface, select the Email security provider you previously created (see Atlassian Jira Software V2 Connector Deployment Overview).
Note: CES 7.0.7711– (June 2015) If your Jira and AD user names do not match, contact Coveo Support for assistance with other methods to map users.
-
-
-
CES 7.0.8541+ (September 2016) (Optional) Select the Expand 'any logged in user' Virtual Group check box when you want the any logged in user virtual group to contain all your Jira Software users.
Notes:
-
Inactive users are not expanded even when the option is selected.
-
By default, the any logged in user virtual group only contains the Jira Software users seen by the Coveo security provider.
-
-
(Optional) In the Parameters section, click Add Parameter and then use the following hidden parameters when you want to use Kerberos authentication:
UseKerberosAuthentication CES 7.0.7711+ (June 2015)
Whether to use Kerberos authentication. The default value is false. Set it to true when crawling a Kerberos setup.
ServicePrincipalNames CES 7.0.7711+ (June 2015)
The custom server principal name (SPN) to use with the Kerberos authentication. The SPN is almost always in the following format: HTTP/server.name@server.domain. If the domain name is not contained in the SPN, the connector uses the user domain, which may be wrong. Use this parameter when the crawling user identity used is not on the same domain as the Jira Software server.
Example: You use user@domain.com as the user identity to crawl http://jira.dev.domain.com.
Notes:
-
This parameter is only used when the UseKerberosAuthentication parameter value is true.
-
Make sure the user identity exists in both Jira Software and AD.
-
When you get the following error:
The Kerberos Authentication failed for user 'userIdentity' with the SPN 'HTTP/ServerName'.
it means the user identity and/or the SPN are wrong.
-
Leave the Allow Complex Identities cleared as it does not apply to this type of security provider.
-
Click Apply Changes.
-
What's Next?
Configure and index a Jira Software V2 source (see Configuring and Indexing an Atlassian Jira Software V2 Source).