Getting confluence to SSO using windows authentication

Confluence version: 3.5.2

Crowd is installed and configured to work with AD and confluence

My client is able to login to confluence using their AD username and password, and this is being authenticated via a Crowd server so SSO is acheivable within other applications, in this case a forum application.

The client wants their users to just login to the windows workstations and then not get prompted for a username or password when they access confluence for the first time.

Looking around it appears back in the day NTLM was the right method, and there was a plugin that would get it all working, however that plugin no longer works on this version of confluence (unrecognised plugin) and so I have been lead down the path to Kerberos.

EDIT: as a followup I have found this wiki but its pretty old, and a bit daunting: https://studio.plugins.atlassian.com/wiki/display/CRWIA/Windows+Integrated+Authentication+for+Crowd-enabled+Applications

Is there an easier method that I am clearly missing to get confluence to login as the locally logged in windows authenticated user?

8 answers

1 accepted

Accepted Answer
5 votes
Joe Clark Atlassian Team Jun 18, 2012

There's a bunch of options:

1) Use Andy Brook's NTLM plugin - I don't know if he still maintains this or what its current status is.

2) An Atlassian partner, AppFusions, sells and supports a Kerberos authenticator for Confluence

3) Another Atlassian partner, TechTime, sells and supports an NTLM authenticator for Confluence

4) Follow the instructions on our SharePoint Connector documentation to setup an IIS reverse proxy for Confluence (note: this configuration is not supported by Atlassian unless you are using the SharePoint Connector).

Just as an update, given time since this was posted (and its now 10/14/2014). AppFusions also supports Kerberos for the entire Atlassian Suite (JIRA, Crowd, FishEye, Crucible, Bamboo) and SVN. Have not done Stash yet. We also have SSO authenticators for SAML2 (for example, SiteMinder, etc), OAuth2, and Google's latest Google+ protocol (next gen from their OpenID auth). info@appfusions.com for more info since some of these are a little complicated, but have the packaging down on these now to be pretty straight-forward/simple to deploy too.

There is a new Kerberos SSO plugin for confluenece on the marketplace:

https://marketplace.atlassian.com/plugins/fi.polarshift.confluence.lib.kerberosLib

It has a free version and a paid version with extra features, as well as optional support available for purchase. I have not tried it yet, so I can't say how well it works.

1 vote
Bruno Vincent Community Champion Aug 18, 2015

Hi, Please check out our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac

IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, Bamboo, Bitbucket Server, FishEye, Crucible or any other web app using Crowd as its user management system, without entering a password.

More commercial and technical details are available at https://www.cleito.com/products/iwaac/

Best regards,

Bruno

Thanks Joseph, we have exhausted all avenues on the NTLM plugin as it appeared to work back in 2008, doesnt fare so well in todays versions.

AppFusions and TechTime are possible options however not necessarily the solution we were looking for. as an FYI on anyone else attempting to do this, get ready for a very rocky road!!

Hello ZeD -

Not sure what you heard or why your thoughts - but from your description, the AppFusions solution solves the problem/use case scenario exactly as you describe.

Also can share many referrals if you need it - that are happily running our solution now (large, small, simple, and complicated networks)

Our solution is not a rocky road at all - yet we also manage it out the door with service to ensure it is not a rocky road. We've deployed it dozens of times with success, all flavors of Atlassian software.

Happy to deploy it for your Crowd server too.

Best,

Ellen

ellen@appfusions.com

Adaptavist also offer a SSO plugin. It might not be a complete solution on it's own. I used it in the past to set up a Confluence session on behalf of a user with a current session in a legacy system. It worked very well.

As already mentioned above by Joseph Clark:

Our NTLM Authenticators for Jira and Confluence support the latest versions of both applications.

TechTime Initiative Group, an Atlassian Expert in New Zealand has been providing a solution to do NTLM authentication (a.k.a auto-login or SSO in Windows environment) with Confluence and Jira for over 5 years.

We have over 40 customers successfully using this solution in New Zealand, Australia, Switzerland, Finland, Norway, Sweeden, France, Germany, Netherlands, Slovenia, Czech Republic, Turkey, Russia, Latvia, the UK and the USA both in NTLMv2 and NTLMv1 environments.

The NTLM Authenticator is delivered as a jar file and instructions how to deploy it to Atlassian Jira and/or Confluence to work in conjunction with IOPlex Jespa to perform NLTM authentication in Windows environment.

The cost is one-off NZ$150 (plus fees for Jespa license payable to IOPlex). We do sell bundles that include IOPlex Jespa license.

If you need it, the trial version is available from our TurningRight website.

Bruno, does it work with HipChat also?

 

Bruno Vincent Community Champion Dec 16, 2015

Hi Dana, Unfortunately as of today it does not. IWAAC relies on Crowd SSO and as far as I know Hipchat can only be integrated with Crowd for user management and authentication and not for SSO (see https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+HipChat) If Atlassian provided integration for SSO as well, we would obviously consider adding Hipchat support to our add-on. Best regards, Bruno

We (Kantega Single Sign-on) have a Kerberos & SAML plugin for all the Atlassian products except for Crowd and Hipchat. 

Both Kerberos and SAML may be configured using a setup wizard, and is very easy to cofigure.

https://marketplace.atlassian.com/search?query=kantega

 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 11, 2018 in Confluence

What are your project planning tips?

Hello Community,  Jessica here from the Confluence product marketing team! Today I wanted to get your takes on project planning –– what works, what doesn’t, how do you know if you’re doing it r...

261 views 1 4
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you