Is it possible to run multiple authentication methods?

Hey there

We are running our JIRA and Confluence servers behind "CA Siteminder SSO". To make this work with JIRA and Confluence we added a library to the lib directory, and edited the seraph-config to use the Siteminder Authentication. Basically, when the users calls our JIRA or Confluence adress, the SSO server intercepts, and checks if the user is logged in on the SSO server. If not, he will get a SSO login mask where he has to authenticate.

After doing so, the SSO sends the user id to Confluence / JIRA. Confluence and JIRA have a plugin running which then reads the Header with the userid, and shows the users content. While this works perfect, it's causing us headaches because we can't display JIRA information in Confluence anymore (before JIRA was connected to SSO, this worked).

Now, I believe the problem is that the application link is configured with the SSO-URL. Since the connection between JIRA and Confluence is handled from the server itself and not the user, the server will be getting a SSO login mask where he actually expected JIRA.

Now, to bypass this problem, I tought it would be smart to add another connector to the server.xml, which is listening to a domain name, which is not intercepted by our SSO. This actually worked, server is listening on those requests. Problem is, that he will only accept Siteminder-Authentication data (no more Confluence login mask).

I then tought it might work if I uncomment the default Confluence and JIRA authenticator. But now JIRA and Confluence will only accept their own login mask, logging in with SSO doesn't work anymore.

Is there any way I can configure multiple authentication methods, so the users are able to login in via Siteminder SSO while JIRA and Confluence communicate with each other, using their own login masks. Or is there any other way I could solve this issue? Has someone had a similar problem?

Thanks alot for your advice guys!



2 answers

1 accepted

0 votes
Accepted answer

It's been a long time but I have been able to solve my problem :)

Here's how I did it:
  1. In the Confluence server.xml, add another connector, running on a port of your choice (in my case it's 8991), non-https
  2. Also do the same for JIRA (for example on port 8992), non-https
  3. Set up a Virtual-Host acting as a proxy on apache. This is a example configuration (make sure USERID is the id of an actual administrator):
    <VirtualHost *:80>
    	ProxyPreserveHost On
    	ProxyRequests Off
    	RequestHeader set REMOTE_USER "USERID"
    	ProxyPass / http://confluenceserver.internal:8991/
    	ProxyPassReverse / http://confluenceserver.internal:8991/

  4. Do the same configuration for JIRA, edit the ProxyPass server and the ServerName
  5. If your Confluence and/or JIRA installation is configured to use a proxy for outgoing connections, make sure that and/or is configured as non-proxy-host.

  6. Restart both applications. You should now be able to configure the application link, while beeing behind a non-supported SSO

hi wcms.

i believe multiple authenticators is not possible but please have a look at this..

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Feb 06, 2019 in Confluence

Try out the new editing experience

Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...

792 views 33 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you