Confluence Rest API windows authentication.

Hi Team, I'm looking to authenticate confluence rest api (with windows authentication). I have already implemented basic authentication but want to switch to windows authentication for obvious reason (don't want to hard-code username /password). please suggest any resource/guide to achieve this. Tired of searching Confluence Online Help but nothing got anything specific to this.

2 answers

0 votes
Bruno Vincent Community Champion Dec 16, 2017

Hi @serwan gupta,

You will need a Kerberos plugin for this. You can find many of them on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos

I work for the vendor of the IWAAC Kerberos SSO plugin.

You will find code examples (in Groovy, Powershell and Python) of REST clients authenticating with Kerberos on this page. Please note that these examples are not specific to our plugin and thus they should work with any other Kerberos vendor's plugin.

@Bruno Vincent: I've already checked that. what I understand is it is not ATLASSIAN product and I would require to purchase it explicitly. if I already have confluence/jira licence then just for getting authentication feature i would not go for other vendor product. Moreover purchasing a plugin would require a whole new process trigger at my organisation with business justification. Also, I didn't find any code sample for (C#.NET, Angular or any other javascript library)

my question was if the basic authentication is possible without any plugin and then why not Kerberos? There should be some support from ATLASSIAN

Bruno Vincent Community Champion Dec 17, 2017

Hi @serwan gupta

As of today Atlassian does not provide that feature. So you basically have two solutions:

Again, the good news about vendors plugins is that you can find many of them on Atlassian Marketplace so you can easily test them and choose the one that you like the most and best fits your needs and requirements.

Regarding code sample, JavaScript running in a browser will rely upon the browser's native Kerberos support so that should be pretty straightforward. In C#, you can use the WebClient class along with its UseDefaultCredentials property, it will have the same behaviour as in our Powershell example.

Thanks! @Bruno Vincent for the update. we will look into how to proceed on this.

Hi @serwan gupta

I work for the vendor Kantega Single Sign-on.

Kerberos for REST can be enabled inside our add-ons.

Have a look at https://marketplace.atlassian.com/search?query=kantega

 

If you need any help, just write en email to our support team sso@kantega.no

 

Cheers,

Lars

@Lars: I've already checked that. what I understand is it is not ATLASSIAN product and I would require to purchase it explicitly. if I already have confluence/jira licence then just for getting authentication feature i would not go for other vendor product. Moreover purchasing a plugin would require a whole new process trigger at my organisation with business justification. Also, I didn't find any code sample for (C#.NET, Angular or any other javascript library)

my question was if the basic authentication is possible without any plugin and then why not Kerberos? There should be some support from ATLASSIAN

@serwan gupta 

Imaging authentications failing for 1 user, 10 users or perhaps all users. You are waiting for support, and meanwhile people are getting a blank screen. Perhaps it is not working through VPN. Is it network or DNS related? What if you have a large forest of AD`s and SSO does not work for multiple domains, or 3 standalone domain that all want to have SSO?

What I`m saying is that Kerberos is a quite tricky technology and my guess is that Atlassian does not have the expertise to handle all the support it would require. 

I would rather have this add-on delivered from a company that specializes in single sign-on.

Our support team will answer any questions within minutes. In most cases we are able to see the problem right away due to our many built-in test tools. If not, we help customers through remote screen sharing.

 

At least at the moment Atlassian has no way of offering Kerberos to JIRA/Confluence.

Cheers,
Lars

Making an add-on that can log in a user is straight forward if you know what you are doing.

  • What if you also want users to be able to log in as a different users. (actually able to log out)
  • Authenticate to service desk, open confluence attachments without entering their username and password
  • Limit Kerberos to certain IP-ranges
  • Not break any monitoring software
  • Not break application links
  • Not break anonymously view-able pages like filters etc
  • Authenticate users even if the application does NOT require the user to authenticate
  • Etc

Many of our customers are coming to us because the internal development and testing is taking up too much time.

Atlassian changes their product from time to time, and this occasionally breaks the integrations. Sometimes it`s an easy fix, sometimes it`s not. This all depends on what you want to spend your time doing ;-)

 

-Lars 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Monday in Jira Ops

Jira Ops Early Access Program Update #1: Announcing our next feature and a new integration

Thanks for signing up for Jira Ops! I’m Matt Ryall, leader for the Jira Ops product team at Atlassian. Since this is a brand new product, we’ll be delivering improvements quickly and sharing updates...

514 views 0 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you