Enterprise Application Access (EAA) Cloud supports single sign-on
(SSO) to Atlassian applications, such as Confluence, using custom headers insertion, which
lets you access the Atlassian application through the EAA Cloud service without having to
authenticate for a specific application again.
Before you begin
The Confluence application must be running
and integrated into your Active Directory or OpenLDAP server.
You can use your Active Directory (AD) or
OpenLDAP server to authenticate all the end users and have immediate access to
applications secured through EAA Cloud. This integration sends the X-forwarded-for
custom headers to an application for SSO.
How to
-
Download the latest version of the HTTP
Authenticator for Confluence.
-
Copy the downloaded remoteUserAuth-2.5.0.jar file to the
following location in your Confluence installation:
- For
Linux:/usr/local/confluence/confluence/WEB-INF/lib
- For Windows: Users/C:/Program
Files/confluence/confluence/WEB-INF/lib
Note: The version number in this
example is 2.5.0. You may have a different, later version number when you
download the file.
-
Download the remoteUserAuthenticator.properties text file
from github confluence_http_authenticator.
-
Move the remoteUserAuthenticator.properties file to your
Confluence installation:
- For
Linux:/usr/local/confluence/confluence/WEB-INF/classes
- For Windows: Users/C:/Program
Files/confluence/confluence/WEB-INF/classes
-
Edit the remoteUserAuthenticator.properties file with administrative
privileges and change the following lines to send remote headers for SSO:
- Change header.remote_user=REMOTE_USER to
header.remote_user=user_name
- Comment out the line
#header.email=CONF_EMAIL
- Comment out the line
#header.fullname=CONF_FULLNAME
-
Save the file.
#semicolon-delimited list.
#
# Note: if fullname mapping is used (see below) then it will try
using that first to get the full name using this header.
#
# Each supports a strategy to get this value. All default to 0.
Strategy codes mean the following:
# 0 - Try request.getAttribute then request.getHeader
# 1 - Use request.getAttribute
# 2 - Use request.getHeader
header.remote_user=user_name
#header.remote_user.strategy=0
#header.email=CONF_EMAIL
#header.email.strategy=0
#header.fullname=CONF_FULLNAME
#header.fullname.strategy=0
#
-
Edit the seraph-config.xml file at this location in your
Confluence installation:
/usr/local/confluence/confluence/WEB-INF/classes/seraph-config.xml
and edit the following line:
Replace <authenticator
class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
with:
<authenticator
class="shibauth.confluence.authentication.shibboleth.RemoteUserAuthenticator"/>
-
Save the file and restart the
EAA Confluence application.
-
Configure the Enterprise Application Access (EAA) application.
-
Click Settings
on the Confluence application that you configured in EAA.
-
Click ADVANCED
SETTINGS at the top.
-
Scroll to the Custom
HTTP headers section.
-
Enter user-name
in the Header
Name field and select user from
the Attribute field.
-
Click Save and go to
Deployment.
Next steps
For the changes to go into effect, Deploy the application.