How to set SSO in Confluence?

We use Confluence with Crowd.
We were able to log in to Confluence.

We set seraph-config.xml for the SSO function as follows. But when I set the below, I can't log in to Confluence.
-------------------------------------------------------------------
Comment out the line:-
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->

Uncomment the line:-
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
-------------------------------------------------------------------

Below are our settings for the SSO function.

What was wrong?

■crowd
real ip : 1.1.1.1:8095/crowd
gateway ip : 7.7.7.7/crowd
gateway ip's domain name : a.domain.net/crowd
apache-tomcat/conf/server.xml : proxyName="a.domain.net"
administrator - General - SSO Domain : a.domain.net

configure application with confluence
name : confluence
ip : a.domain.net/confluence
remote address : 2.2.2.2

■confluence
real ip : http://2.2.2.2/confluence
gateway ip : 7.7.7.7/confluence
gateway ip's domain name : a.domain.net/confluence

configure directory with crowd
server url = 1.1.1.1:8095/crowd
application name = confluence

■apache mod_proxy for confluence
#put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /confluence http://2.2.2.2:8090/confluence
ProxyPassReverse /confluence http://2.2.2.2:8090/confluence
<Location /confluence>
Order allow,deny
Allow from all
</Location>

■apache mod_proxy for crowd
#put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /crowd http://1.1.1.1:8095/crowd
ProxyPassReverse /crowd http://1.1.1.1:8095/crowd
<Location /crowd>
Order allow,deny
Allow from all
</Location>

■confluence - server.xml
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8090" minProcessors="5"
maxProcessors="75"
enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false" URIEncoding="UTF-8"/>
<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">

<Context path="/confluence" docBase="../confluence" debug="0" reloadable="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:

•Uncomment the Connector below
•Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
•Restart and visit https://localhost:8443/
For more info, see http://confluence.atlassian.com/display/DOC/Adding+SSL+for+Secure+Logins+and+Page+Security
-->
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
proxyName="http://a.domain.net/" proxyPort="80"/>
</Service>
</Server>

■confluence - seraph-config.xml
<security-config>
<parameters>
<init-param>
<param-name>login.url</param-name>
<param-value>/login.action?os_destination=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>/login.action</param-value>
</init-param>
<init-param>
<param-name>cookie.encoding</param-name>
<param-value>cNf</param-value>
</init-param>
<init-param>
<param-name>login.cookie.key</param-name>
<param-value>seraph.confluence</param-value>
</init-param>

<!-- only basic authentication available -->
<init-param>
<param-name>authentication.type</param-name>
<param-value>os_authType</param-value>
</init-param>

<!-- Invalidate session on login to prevent session fixation attack -->
<init-param>
<param-name>invalidate.session.on.login</param-name>
<param-value>true</param-value>
</init-param>
<!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
Currently it is empty (i.e. all attributes will be copied). -->
<init-param>
<param-name>invalidate.session.exclude.list</param-name>
<param-value></param-value>
</init-param>
</parameters>

<rolemapper class="com.atlassian.confluence.security.ConfluenceRoleMapper"/>
<controller class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"/>

<!-- Default Confluence authenticator, which uses the configured user management for authentication. -->

<!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
<!-- Authenticator with support for Crowd single-sign on (SSO). -->
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
<!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/> -->

<services>
<service class="com.atlassian.seraph.service.PathService">
<init-param>
<param-name>config.file</param-name>
<param-value>seraph-paths.xml</param-value>
</init-param>
</service>
</services>

<elevatedsecurityguard class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"/>

</security-config>

■confluence - crowd.properties

application.name confluence
application.password ****
application.login.url http://a.domain.net/crowd/console/

crowd.server.url http://a.domain.net/crowd/services/
crowd.base.url http://a.domain.net/crowd/

session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation


2 answers

Hi Sunghwann,

What is your CROWD / Confluence?

Regards,

Sven.

Hi Sven.

crowd = 2.5.2

confluence = 4.3.2

Regards,

Sunghwan.

Hello Sunghwann,

As a first approach, I would suggest you double-check the SSO configuration for your Crowd version; some detail of the configuration itself may be wrong (this happens). You can follow this documentation, which explains how it works and how to configure it:

https://confluence.atlassian.com/display/CROWD025/Single+Sign-On

If that doesn't help, I would suggest you raise a support ticket at support.atlassian.com so we can take a better look at your environment in order to find a resolution/workaround for you.

I hope this helps.

Best Regards,

LJ.
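
One way to double-check the proxy-facing part of a setup like the one in the question is to lint the Tomcat `Connector` elements against the Crowd SSO domain. This is an added example, not code from the thread or from Atlassian: `check_connectors`, `domain_matches` and the sample `server.xml` are constructed for illustration, and it assumes the SSO cookie is set for the value entered under "SSO Domain" in Crowd.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the Connector elements posted in the question.
SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" redirectPort="8443" URIEncoding="UTF-8"/>
    <Connector port="8090" redirectPort="8443"
               proxyName="http://a.domain.net/" proxyPort="80"/>
  </Service>
</Server>"""

# One or more dot-separated DNS labels: no scheme, port or path.
HOSTNAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                      r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    host, domain = host.lower(), cookie_domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def check_connectors(server_xml, sso_domain):
    """Return findings for Tomcat Connectors that sit behind a reverse proxy."""
    findings, seen_ports = [], set()
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        if port in seen_ports:
            findings.append(f"port {port}: declared on more than one Connector")
        seen_ports.add(port)
        name = conn.get("proxyName")
        if name is None:
            continue
        # proxyName is the value request.getServerName() returns, so it has to
        # be a bare host name rather than a URL.
        if not HOSTNAME.match(name):
            findings.append(f"proxyName {name!r}: not a bare host name")
        elif not domain_matches(name, sso_domain):
            # A browser rejects a cookie whose domain does not cover the host.
            findings.append(f"proxyName {name!r}: outside SSO domain {sso_domain!r}")
    return findings

if __name__ == "__main__":
    for finding in check_connectors(SERVER_XML, "a.domain.net"):
        print(finding)
```
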
