Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

kerberos authentication receiving 302 redirect rather than internal forward

Konnie McCauley
Konnie McCauley February 5, 2012

when authenticating from outside receiving two login pages. Receiving a 302 temporary move which looses the username and password. Need second authentication to log in. Where in the configuraiton files can we alter the 302 temporary move to an internal forward instead.

Answer
Watch
Like Be the first to like this
965 views

3 answers

1 accepted

0 votes
Answer accepted
Ellen Feaheny [
Ellen Feaheny [AppFusions]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 8, 2012

Thanks for contacting us direct so we can support you directly on this additional use cases so we can properly assist you.

Answers.atlassian.com is not the place for a custom config/network specific solution. As you know, the initial authenticator was per your site.

Reply
0 votes
Konnie McCauley
Konnie McCauley February 5, 2012

Our confluence is set up as such:

Standalone Confluence 3.5.13 (one server) - a separate SQL server 2005

Open to outside access. When a user tries to access confluence from outside receive an initial login screen.

upon entering login information. Then prompted to enter login information again, then authenticated to confluence.

When watching wireshark - see severl 302 temporarily moved lines. I read that when you receive a 302 temporarily moved - the kerberos authentication is lost. Documentatio mentions that we should use internal forwards instead, which would keep the username and password information.

If this is the case, what needs to be entered and where is this entered

View More Comments
Konnie McCauley
Konnie McCauley February 5, 2012

By the way, Barney built our Kerberos authenticator

Like
Konnie McCauley
Konnie McCauley February 5, 2012

We have done some serious packet watching and testing inside, outside, even on a computer that was inside but not in the domain. Here is where we are:

Can the Kerberos authenticator either:

- Permit NTLM as well or

- Drop the negotiation and only allow basic and Kerberos?

When accessing the site with Internet Explorer either outside or on a machine that is not in the domain you get the initial IE preferred authentication “ntlm”, then the authenticator rejects this and a new window pops up requesting “basic” authentication and success……

Like
Reply
0 votes
David at David Simpson Apps
David at David Simpson Apps
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
February 5, 2012

Please expand on the problem you're having with a dash more detail.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events