How do I set up application links where address of 3rd party application servers is unknown?

Hi folks!

I'd like to use Confluence's support for Basic HTTP Authentication for an Application Link to allow for a 3rd party app to log in to confluence under a specific account.

Everything looks doable using the application links setup, except for the fact that you need to know the URL of the application sending the authentication information to Confluence. What do we do when this is not know? For example, what if we have multiple instances of this application at different URLs that we want to allow to access Confluence? Or, what if their URLs change?

Is there a way that we can have Confluence grant access for any incoming traffic that uses the correct basic HTTP authentication credentials regardless of what its URL is?

In short, here's what I'm trying to achieve:

  1. Confluence server is locked down so there is no anonymous access.
  2. Users of 3rd party system can click a link in 3rd party system to open a page in confluence. From then on they can browse around content in confluence until (and unless) they decide to log out (or their session times out, etc).
  3. Note: 3rd party system may be installed in multiple concurrent locations, might not know their URLs, etc...

2 answers

1 accepted

You shouldn't need to do anything to configure incoming basic authentication into Confluence.

I know it's confusing but configuring incoming basic authentication via Application Links is used to make it easier to set up a 2-way link between two Application Link aware applications. These are usually Atlassian applications. For example, JIRA and Confluence.

The trick to doing what you want is that Confluence won't send a basic challenge via a 401 http response but instead will try and redirect an unauthenticated request to the login screen. Therefore, your 3rd party app will need to send the basic credentials in its request without being challenged. Does this make sense?

Interesting Ryan! So, you'd do something like this (python example)?

import urllib
f = urllib.urlopen("http://username:password@www.example.com/spacekey/pagename")
print f.read()

Strange example I know. I'm just trying to verify the syntax for passing username and password through the request. You do it this way, and not via key value pairs or some other means, correct?


No, you need to set the basic Auth headers. AFAIK, that syntax depends on your browser transforming the url into a proper Basic Auth request.

I don't know python but you want something like

import urllib 
opener = urllib.URLOpener({})
opener.addheader("Authorization", "Basic " + base64.b64encode("Aladdin:open sesame"))
f = opener.open("http://www.example.com/spacekey/pagename")

That doesn't sound too secure to me, which would be why it isn't supported. What you are saying is that you will allow anyone to access your server if they have authenticated with their own server, no matter what server it was. I think you'd be better advised to really determine who you will extend trust to.

Hi Jim!

I think the intent here is to do this: In instances of our web application, we have a certain class of users (administrators) who will be in and out of the confluence server (documentation). We will create accounts for these users in confluence, but want to provide them with a seamless experience so if they follow a link to a confluence page from our application, they will be logged in under their own account and won't be prompted for a PW.

In my initial description, "users" was a bit broad. It is NOT any user of our application...it is only administrators (and we will create accounts for each of them).

So I think what I am saying is this, "Any administer of our system will have an account created in confluence, and can follow links from our apps to pages in confluence. Authentication will take place transparently to the user when they follow these links."

-Michael

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Tuesday in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

464 views 19 9
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you