
Support of client certificates for JIRA integration

Open digitalkram opened this issue 10 months ago • 5 comments

Problem Statement

Setting up "JIRA integration" fails when the JIRA instance requires a client certificate to establish the TLS connection to the JIRA instance.

:grey_question: Possible Solution

Offering the option to specify a client certificate when setting up the JIRA integration (and make use of it) would probably help.

:arrow_heading_up: Describe alternatives you've considered

I am not allowed to proxy or circumvent this security measure by any means, so even if there were an alternative approach, I would not be allowed to make use of it.

:heavy_plus_sign: Additional context

It is a corporate instance so that's why it is so locked down.

error log

10:32:35.341 › Frontend Error: {
  HANDLED_ERROR_PROP: {
    HANDLED_ERROR_PROP: 'Jira: request to https://<censored>.com/rest/api/latest/myself failed, reason: write EPROTO 67430987123136:error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE:../../third_party/boringssl/src/ssl/tls_record.cc:592:SSL alert number 40\n'
  }
} null

digitalkram avatar Apr 03 '24 08:04 digitalkram

Thank you very much for opening up this issue! I am currently a bit overwhelmed by the many requests that arrive each week, so please forgive me if I fail to respond personally. I am still very likely to at least skim read your request and I'll probably try to fix all (real) bugs if possible and I will likely review every single PR being made (please, give me a heads up if you intend to do so) and I will try to work on popular requests (please upvote via thumbs up on the original issue) whenever possible, but trying to respond to every single issue over the last years has been kind of draining and I need to adjust my approach for this project to remain fun for me and to make any progress with actually coding new stuff. Thanks for your understanding!

github-actions[bot] avatar Apr 03 '24 08:04 github-actions[bot]

Hello there digitalkram! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

For more open ended discussions and/or specific questions, please visit the discussions page. 💖

github-actions[bot] avatar Apr 03 '24 08:04 github-actions[bot]

Thank you for your request. This is probably a tough one to implement due to how different platforms handle certificates and private keys. The latter also makes this a sensitive topic.

For your specific use case, can you provide more detail around how the certificate is usually handled? Is my assumption correct that this is a personal certificate that not only establishes a secure connection but also authenticates you as a user?

Are you provided with a pfx or pem file for you to install the certificate yourself wherever you want? Or does your certificate come preinstalled with your browser? Or is the certificate in the operating system's keystore?

Jagdfalke avatar Apr 03 '24 11:04 Jagdfalke

@Jagdfalke Thanks a lot for taking the time to comment in detail. That's very much appreciated 😊

At least for the way it is handled in my scenario, the target platform (as in jira, github (enterprise), etc.) does not matter. It is indeed a personal certificate, but this is only used for the TLS connection. Authentication with JIRA is totally independent and in my case implemented by a (proprietary) OIDC-compatible IdP that is used across a wide range of applications throughout the company.

The certificate comes pre-installed in the OS keystore and the Firefox keystore. However we can download a pfx as well that I previously used to import it to other devices and a jvm keystore (for some Java-based applications that need to access jira).

digitalkram avatar Apr 03 '24 19:04 digitalkram
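For readers following the thread, an added Node.js illustration (not code from the Super Productivity project) of the two pieces discussed so far: reading the TLS alert number out of an error like the one in the issue's log, and building `https.Agent` options from a downloaded PFX or PEM pair. The config field names (`pfxPath`, `certPath`, `keyPath`, `caPath`, `passphrase`) are hypothetical, and the OS or Firefox keystore case is not covered.

```javascript
// Added example, not Super Productivity code. Config field names are hypothetical.

// TLS alert descriptions (RFC 5246 / RFC 8446) that commonly surface when
// mutual TLS fails.
const TLS_ALERTS = {
  40: ['handshake_failure', 'server may require a client certificate, or no shared cipher/version'],
  42: ['bad_certificate', 'client certificate was rejected as malformed or invalid'],
  45: ['certificate_expired', 'client certificate has expired'],
  46: ['certificate_unknown', 'client certificate was rejected for an unspecified reason'],
  48: ['unknown_ca', 'server does not trust the issuer of the client certificate'],
  116: ['certificate_required', 'TLS 1.3 server requires a client certificate'],
};

// Turn an OpenSSL/BoringSSL error string into a diagnosis, or null if the
// message carries no TLS alert number.
function explainTlsFailure(message) {
  const m = /SSL alert number (\d+)/.exec(String(message));
  if (!m) return null;
  const alert = Number(m[1]);
  const [name, hint] = TLS_ALERTS[alert] || ['unknown', 'see the TLS alert registry'];
  return { alert, name, hint };
}

// Build TLS options for https.Agent from either a PKCS#12 (.pfx) bundle or a
// PEM cert/key pair. Verification of the server certificate stays enabled.
function tlsClientOptions(cfg, readFile) {
  const opts = { rejectUnauthorized: true };
  if (cfg.caPath) opts.ca = readFile(cfg.caPath); // private corporate root CA, if any
  if (cfg.pfxPath) {
    opts.pfx = readFile(cfg.pfxPath);
  } else if (cfg.certPath && cfg.keyPath) {
    opts.cert = readFile(cfg.certPath);
    opts.key = readFile(cfg.keyPath);
  } else {
    throw new Error('client certificate config needs pfxPath, or certPath and keyPath');
  }
  if (cfg.passphrase) opts.passphrase = cfg.passphrase; // keep out of logs and plain-text settings
  return opts;
}

// Create the agent to pass as `agent` to https.request().
async function createClientCertAgent(cfg) {
  const { readFileSync } = await import('node:fs');
  const { Agent } = await import('node:https');
  return new Agent(tlsClientOptions(cfg, readFileSync));
}

// Shortened form of the error string in the issue's log.
const sampleError = 'write EPROTO error:10000410:SSL routines:OPENSSL_internal:' +
  'SSLV3_ALERT_HANDSHAKE_FAILURE:tls_record.cc:592:SSL alert number 40';
console.log(explainTlsFailure(sampleError));
```

Alert 40 alone does not prove a missing client certificate, so the hint is worded as a possibility; a TLS 1.3 server that sends alert 116 is unambiguous.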

@digitalkram Thank you for your feedback and the details you have provided.

To be honest, this is a niche requirement at the moment. So it is unlikely to happen very soon unless someone is willing to tackle it. So help is very welcome! 🙂

Jagdfalke avatar Apr 05 '24 14:04 Jagdfalke

This issue has not received any updates in 90 days. Please comment if this is still relevant!

github-actions[bot] avatar Aug 11 '24 01:08 github-actions[bot]