It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Apply restriction on confluence wiki usage Edited

Product Team May 10, 2019

Hello There

We are using confluence wiki via our application.

We had given 'View' permission to 'Anonymous' under Anonymous Access. Now we do not want our wiki spaces to be public and accessible by anyone outside the domain.

To restrict this we have removed all the permissions under Anonymous Access. Now we have a situation where nobody is able to access without login.

The requirement here is to disable all permissions under Anonymous Access and:

.To access the confluence wiki space via our application (hosted on our cloud) without any authentication

.Confluence wiki should ask for credential if the wiki URL is accessed from anywhere else and only our confluence-users should be able to log in.

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough [Adaptavist] Community Leader May 10, 2019

Confluence can't do this, it does not have any functions that track access points through networks.

>To access the confluence wiki space via our application (hosted on our cloud) without any authentication

That could be done if your application can be written to either pass authentication into Confluence, or, probably better and easier, use SSO (so that when someone logs into the app, Confluence can use the same session to work out who the user is).

>Confluence wiki should ask for credential if the wiki URL is accessed from anywhere else

This is something your network or SSO solution will need to do.  Confluence doesn't care where someone is trying to log in from, so you will need to do something before the connection gets to it.

Product Team May 12, 2019

Hello Nic,

Thank you for the input. Need your help on below

  1. How to pass authentication to Confluence from a web application? There was a mechanism that we used earlier “os_username” and “os_password” which seems to be decommissioned by Atlassian. Is there any mechanism to do authentication using javascript considering ours’s a web application and not a rest based client application?

     2. How to integrate web application with Confluence using SSO? If you can share documentation that would be great.

0 votes
Kalpesh Hiran May 13, 2019 • edited

Hi,

This is possible and miniOrange has done similar deployment earlier.

When you say "Confluence should be accessed only via your application", do you want to allow access to only logged in user into your cloud application or any Anonymous user who clicks on Confluence link can have access?

Based on that there can be 2 possible solutions.

Case 1: Allow access to only logged in users in your cloud-hosted application
This can be done with SSO. We can provide you with sample code to create SSO links which you can add on your cloud application. When the user clicks on a link, user will get access to Confluence. If you prefer this solution, do you want to have user accounts created in Confluence or not (Anonymous access)?

Case 2: Allow access to Anonymous user coming from your cloud-hosted application
This can be done with detecting the referring website and allow access to all subsequent access if the referring site is your cloud-hosted application. This solution won't require any change in your cloud application.

Let me know if you need more details, would be happy to answer that.

Product Team May 13, 2019

Hello Kalpesh,

Please find my comments against your points:

 

When you say "Confluence should be accessed only via your application", do you want to allow access to only logged in user into your cloud application or any Anonymous user who clicks on Confluence link can have access? Yes, we want to allow access to only logged in users into our cloud application, however, the link should be accessible to those too, who have confluence login credential (few of the admins and power users). And, not anonymous user access who can access the confluence by clicking on the link.

 

Case 1: Allow access to only logged in users in your cloud-hosted application
This can be done with SSO. We can provide you with sample code to create SSO links which you can add on your cloud application. When the user clicks on a link, the user will get access to Confluence. If you prefer this solution, do you want to have user accounts created in Confluence or not (Anonymous access)? We would prefer this solution however do not want confluence user accounts created (as we have thousands of users)

Case 2: Allow access to Anonymous user coming from your cloud-hosted application
This can be done with detecting the referring website and allow access to all subsequent access if the referring site is your cloud-hosted application. This solution won't require any change in your cloud application.This looks good for us. Any documents on this would be very helpful and much appreciated.

Kalpesh Hiran May 13, 2019

Hi,

As you said "allow access to only logged in users into your cloud app", case 1 solution we mentioned above will work for you.

Can you confirm if it is possible to add changes in your cloud application so that you can create SSO link (which will include an SSO token) in a format we will provide? And which programming language you have used to build your application?

On Confluence instance we can install our plugin which will validate the SSO token and give access to the user. Also, we won't be creating users in Confluence as you do not want to have a user account created.

If you can email us at info@miniorange.com, I can provide you with more details for the solution.

Product Team May 15, 2019

Hello Kalpesh,

I understand we are talking business here which involves services and charges.

Can I have your direct contact details so that our architect team, along with me, can join the discussion? (maybe skype id or contact number..)

PS: Our's is a web-based application hosted on our cloud and not a mobile app. :)

BR

Prem

Kalpesh Hiran May 15, 2019

Hi Prem,

I will share the details on email.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Confluence

Confluence CVEs and common questions

Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...

959 views 0 19
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you