We are running our JIRA and Confluence servers behind "CA Siteminder SSO". To make this work with JIRA and Confluence we added a library to the lib directory, and edited the seraph-config to use the Siteminder Authentication. Basically, when the users calls our JIRA or Confluence adress, the SSO server intercepts, and checks if the user is logged in on the SSO server. If not, he will get a SSO login mask where he has to authenticate.
After doing so, the SSO sends the user id to Confluence / JIRA. Confluence and JIRA have a plugin running which then reads the Header with the userid, and shows the users content. While this works perfect, it's causing us headaches because we can't display JIRA information in Confluence anymore (before JIRA was connected to SSO, this worked).
Now, I believe the problem is that the application link is configured with the SSO-URL. Since the connection between JIRA and Confluence is handled from the server itself and not the user, the server will be getting a SSO login mask where he actually expected JIRA.
Now, to bypass this problem, I tought it would be smart to add another connector to the server.xml, which is listening to a domain name, which is not intercepted by our SSO. This actually worked, server is listening on those requests. Problem is, that he will only accept Siteminder-Authentication data (no more Confluence login mask).
I then tought it might work if I uncomment the default Confluence and JIRA authenticator. But now JIRA and Confluence will only accept their own login mask, logging in with SSO doesn't work anymore.
Is there any way I can configure multiple authentication methods, so the users are able to login in via Siteminder SSO while JIRA and Confluence communicate with each other, using their own login masks. Or is there any other way I could solve this issue? Has someone had a similar problem?
Thanks alot for your advice guys!
It's been a long time but I have been able to solve my problem :)
<VirtualHost *:80> ProxyPreserveHost On ProxyRequests Off ServerName proxy.confluence.company.com RequestHeader set REMOTE_USER "USERID" ProxyPass / http://confluenceserver.internal:8991/ ProxyPassReverse / http://confluenceserver.internal:8991/ </VirtualHost>
If your Confluence and/or JIRA installation is configured to use a proxy for outgoing connections, make sure that proxy.confluence.company.com and/or proxy.jira.company.com is configured as non-proxy-host.
Restart both applications. You should now be able to configure the application link, while beeing behind a non-supported SSO
Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time! We're looking for people to participate in a remote 1-hr workshop...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs