Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How do we deploy Jira in a 3-tier architecture

Misbahul Hasan
Misbahul Hasan
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 30, 2011

In an internet facing deployment, we have a requirement that the authentication need to happen in the internet zone and then an authenticated request can be forward to the Jira application hosted in the core zone. This means we need to either support LDAP authentication or deploy Jira using distributed architecture where authentication happens in the internet zone and the application should be hosted in the core zone.

Answer
Watch
Like Mo Beigi likes this
1502 views

2 answers

1 accepted

1 vote
Answer accepted
Dieter
Dieter
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 2, 2011
Another approach i'd recommend is to let a reverse proxy which is directly attached to the internet do the authentication against LDAP. The reverse proxy, e.g. Apache will forward the http traffic to your Jira which should be hidden behind a firewall as well as the LDAP server. Apache must be configured to pass along the name of the authenticated user in a header variable and in Jira you would need a custom authenticator to check that. how to implement this is described at http://docs.atlassian.com/atlassian-seraph/latest/sso.html By using the same reverse proxy you can easily implement a single sign on solution for all of your web applications. Also in situations of zero-day-exploits you can easily block malicious requests by simple changing a rule on the reverse proxy until there is a fix from Atlassian. There is good docu around how to configure Jira with Apache, just google for "Jira Apache"
View More Comments
Dieter
Dieter
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 2, 2011
Here is information about how to configure Apache for authentication against LDAP and authorization http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
Like
Reply
0 votes
SimonS
SimonS
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 2, 2011

Hi M Hasan,

JIRA doesn't support a distributed tiered architecture deployments, but you can use LDAP to authenticate against JIRA:

http://confluence.atlassian.com/display/JIRADL/Integrating+JIRA+with+LDAP

-Simon

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events