Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Getting confluence to SSO using windows authentication

Zak Crammond
Zak Crammond May 8, 2012

Confluence version: 3.5.2

Crowd is installed and configured to work with AD and confluence

My client is able to login to confluence using their AD username and password, and this is being authenticated via a Crowd server so SSO is acheivable within other applications, in this case a forum application.

The client wants their users to just login to the windows workstations and then not get prompted for a username or password when they access confluence for the first time.

Looking around it appears back in the day NTLM was the right method, and there was a plugin that would get it all working, however that plugin no longer works on this version of confluence (unrecognised plugin) and so I have been lead down the path to Kerberos.

EDIT: as a followup I have found this wiki but its pretty old, and a bit daunting: https://studio.plugins.atlassian.com/wiki/display/CRWIA/Windows+Integrated+Authentication+for+Crowd-enabled+Applications

Is there an easier method that I am clearly missing to get confluence to login as the locally logged in windows authenticated user?

Answer
Watch
Like Be the first to like this
7249 views

8 answers

1 accepted

5 votes
Answer accepted
Joe Clark
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 18, 2012

There's a bunch of options:

1) Use Andy Brook's NTLM plugin - I don't know if he still maintains this or what its current status is.

2) An Atlassian partner, AppFusions, sells and supports a Kerberos authenticator for Confluence

3) Another Atlassian partner, TechTime, sells and supports an NTLM authenticator for Confluence

4) Follow the instructions on our SharePoint Connector documentation to setup an IIS reverse proxy for Confluence (note: this configuration is not supported by Atlassian unless you are using the SharePoint Connector).

View More Comments
Ellen Feaheny [
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 14, 2014

Just as an update, given time since this was posted (and its now 10/14/2014). AppFusions also supports Kerberos for the entire Atlassian Suite (JIRA, Crowd, FishEye, Crucible, Bamboo) and SVN. Have not done Stash yet. We also have SSO authenticators for SAML2 (for example, SiteMinder, etc), OAuth2, and Google's latest Google+ protocol (next gen from their OpenID auth). info@appfusions.com for more info since some of these are a little complicated, but have the packaging down on these now to be pretty straight-forward/simple to deploy too.

Like
Reply
1 vote
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 18, 2015

Hi, Please check out our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac

IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, Bamboo, Bitbucket Server, FishEye, Crucible or any other web app using Crowd as its user management system, without entering a password.

More commercial and technical details are available at https://www.cleito.com/products/iwaac/

Best regards,

Bruno

Reply
1 vote
John Burns4
John Burns
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 23, 2012

There is a new Kerberos SSO plugin for confluenece on the marketplace:

https://marketplace.atlassian.com/plugins/fi.polarshift.confluence.lib.kerberosLib

It has a free version and a paid version with extra features, as well as optional support available for purchase. I have not tried it yet, so I can't say how well it works.

Reply
0 votes
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 19, 2017

We (Kantega Single Sign-on) have a Kerberos & SAML plugin for all the Atlassian products except for Crowd and Hipchat. 

Both Kerberos and SAML may be configured using a setup wizard, and is very easy to cofigure.

https://marketplace.atlassian.com/search?query=kantega

 

Reply
0 votes
Dana Johnson
Dana Johnson December 16, 2015

Bruno, does it work with HipChat also?

 

View More Comments
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 16, 2015

Hi Dana, Unfortunately as of today it does not. IWAAC relies on Crowd SSO and as far as I know Hipchat can only be integrated with Crowd for user management and authentication and not for SSO (see https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+HipChat) If Atlassian provided integration for SSO as well, we would obviously consider adding Hipchat support to our add-on. Best regards, Bruno

Like
Reply
0 votes
TechTime Initiative Group
TechTime Initiative Group June 18, 2013

As already mentioned above by Joseph Clark:

Our NTLM Authenticators for Jira and Confluence support the latest versions of both applications.

TechTime Initiative Group, an Atlassian Expert in New Zealand has been providing a solution to do NTLM authentication (a.k.a auto-login or SSO in Windows environment) with Confluence and Jira for over 5 years.

We have over 40 customers successfully using this solution in New Zealand, Australia, Switzerland, Finland, Norway, Sweeden, France, Germany, Netherlands, Slovenia, Czech Republic, Turkey, Russia, Latvia, the UK and the USA both in NTLMv2 and NTLMv1 environments.

The NTLM Authenticator is delivered as a jar file and instructions how to deploy it to Atlassian Jira and/or Confluence to work in conjunction with IOPlex Jespa to perform NLTM authentication in Windows environment.

The cost is one-off NZ$150 (plus fees for Jespa license payable to IOPlex). We do sell bundles that include IOPlex Jespa license.

If you need it, the trial version is available from our TurningRight website.

Reply
0 votes
CharlesH1
CharlesH
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 19, 2012
Adaptavist also offer a SSO plugin. It might not be a complete solution on it's own. I used it in the past to set up a Confluence session on behalf of a user with a current session in a legacy system. It worked very well.
Reply
0 votes
zak crammond1
zak crammond June 18, 2012

Thanks Joseph, we have exhausted all avenues on the NTLM plugin as it appeared to work back in 2008, doesnt fare so well in todays versions.

AppFusions and TechTime are possible options however not necessarily the solution we were looking for. as an FYI on anyone else attempting to do this, get ready for a very rocky road!!

View More Comments
Ellen Feaheny [
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 1, 2012

Hello ZeD -

Not sure what you heard or why your thoughts - but from your description, the AppFusions solution solves the problem/use case scenario exactly as you describe.

Also can share many referrals if you need it - that are happily running our solution now (large, small, simple, and complicated networks)

Our solution is not a rocky road at all - yet we also manage it out the door with service to ensure it is not a rocky road. We've deployed it dozens of times with success, all flavors of Atlassian software.

Happy to deploy it for your Crowd server too.

Best,

Ellen

ellen@appfusions.com

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events