Confluence version: 3.5.2
Crowd is installed and configured to work with AD and confluence
My client is able to login to confluence using their AD username and password, and this is being authenticated via a Crowd server so SSO is acheivable within other applications, in this case a forum application.
The client wants their users to just login to the windows workstations and then not get prompted for a username or password when they access confluence for the first time.
Looking around it appears back in the day NTLM was the right method, and there was a plugin that would get it all working, however that plugin no longer works on this version of confluence (unrecognised plugin) and so I have been lead down the path to Kerberos.
EDIT: as a followup I have found this wiki but its pretty old, and a bit daunting: https://studio.plugins.atlassian.com/wiki/display/CRWIA/Windows+Integrated+Authentication+for+Crowd-enabled+Applications
Is there an easier method that I am clearly missing to get confluence to login as the locally logged in windows authenticated user?
There's a bunch of options:
1) Use Andy Brook's NTLM plugin - I don't know if he still maintains this or what its current status is.
2) An Atlassian partner, AppFusions, sells and supports a Kerberos authenticator for Confluence
3) Another Atlassian partner, TechTime, sells and supports an NTLM authenticator for Confluence
4) Follow the instructions on our SharePoint Connector documentation to setup an IIS reverse proxy for Confluence (note: this configuration is not supported by Atlassian unless you are using the SharePoint Connector).
Just as an update, given time since this was posted (and its now 10/14/2014). AppFusions also supports Kerberos for the entire Atlassian Suite (JIRA, Crowd, FishEye, Crucible, Bamboo) and SVN. Have not done Stash yet. We also have SSO authenticators for SAML2 (for example, SiteMinder, etc), OAuth2, and Google's latest Google+ protocol (next gen from their OpenID auth). firstname.lastname@example.org for more info since some of these are a little complicated, but have the packaging down on these now to be pretty straight-forward/simple to deploy too.
There is a new Kerberos SSO plugin for confluenece on the marketplace:
It has a free version and a paid version with extra features, as well as optional support available for purchase. I have not tried it yet, so I can't say how well it works.
Hi, Please check out our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac
IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, Bamboo, Bitbucket Server, FishEye, Crucible or any other web app using Crowd as its user management system, without entering a password.
More commercial and technical details are available at https://www.cleito.com/products/iwaac/
Thanks Joseph, we have exhausted all avenues on the NTLM plugin as it appeared to work back in 2008, doesnt fare so well in todays versions.
AppFusions and TechTime are possible options however not necessarily the solution we were looking for. as an FYI on anyone else attempting to do this, get ready for a very rocky road!!
Hello ZeD -
Not sure what you heard or why your thoughts - but from your description, the AppFusions solution solves the problem/use case scenario exactly as you describe.
Also can share many referrals if you need it - that are happily running our solution now (large, small, simple, and complicated networks)
Our solution is not a rocky road at all - yet we also manage it out the door with service to ensure it is not a rocky road. We've deployed it dozens of times with success, all flavors of Atlassian software.
Happy to deploy it for your Crowd server too.
As already mentioned above by Joseph Clark:
Our NTLM Authenticators for Jira and Confluence support the latest versions of both applications.
TechTime Initiative Group, an Atlassian Expert in New Zealand has been providing a solution to do NTLM authentication (a.k.a auto-login or SSO in Windows environment) with Confluence and Jira for over 5 years.
We have over 40 customers successfully using this solution in New Zealand, Australia, Switzerland, Finland, Norway, Sweeden, France, Germany, Netherlands, Slovenia, Czech Republic, Turkey, Russia, Latvia, the UK and the USA both in NTLMv2 and NTLMv1 environments.
The NTLM Authenticator is delivered as a jar file and instructions how to deploy it to Atlassian Jira and/or Confluence to work in conjunction with IOPlex Jespa to perform NLTM authentication in Windows environment.
The cost is one-off NZ$150 (plus fees for Jespa license payable to IOPlex). We do sell bundles that include IOPlex Jespa license.
If you need it, the trial version is available from our TurningRight website.
Hi Dana, Unfortunately as of today it does not. IWAAC relies on Crowd SSO and as far as I know Hipchat can only be integrated with Crowd for user management and authentication and not for SSO (see https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+HipChat) If Atlassian provided integration for SSO as well, we would obviously consider adding Hipchat support to our add-on. Best regards, Bruno
We (Kantega Single Sign-on) have a Kerberos & SAML plugin for all the Atlassian products except for Crowd and Hipchat.
Both Kerberos and SAML may be configured using a setup wizard, and is very easy to cofigure.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs