Hi all,

I am writing a ScriptRunner listener to update an attribute on an issue if the issue is modified.  The attribute can't be set using the standard setCustomFieldValue function because the attribute is coming from a plugin and is a weird type.  And the plugin isn't exposing the classes I need to create a native object of that type.

So I am using the REST API to set the value.  I can run the command from curl and postman and it works fine:

curl -D- -X PUT -H "Content-Type: application/json" -H "sm_universalid: adminacct" --data "{ \"fields\": { \"customfield_20001\":\"JT-600\" } }" https://server.company.com:8443/rest/api/latest/issue/JT-601

We have SiteMinder in front so I have a custom authenticator which grabs sm_universalid from the header and looks for the user in Jira.  If sm_universalid is 'adminacct', I create a Jira session for that user (if one is not found) and let the call go through (my backdoor, used mostly so that I can access Jira directly on the app server and bypass our Apache frontend and SiteMinder!).  This is why I don't need to pass any authentication in the curl call.  I can put together the same call in postman, and it sets the attribute correctly.

However, trying to make the REST API call in the ScriptRunner listener always fails with a 403 error.  I've tried using RESTClient and making a curl call directly, with

def response = ["curl", "-k", "-D-", "-X", "PUT", "-H", "Content-Type: application/json", "-H", "sm_universalid: adminacct", "--data", jsonStr, fullAddress].execute().text

where 'jsonStr' is {"fields": {"customfield_20001":"JT-600"}} and 'fullAddress' is the URL for example.  And I can't get by the 403 error.  I can see in the log file that I correctly create the user's Jira session and pass the call along, just like when I use curl or postman directly.  But I still always get a 403.

Any help would be appreciated.

Thanks,

-Greg