Hi folks!
I'd like to use Confluence's support for Basic HTTP Authentication for an Application Link to allow for a 3rd party app to log in to confluence under a specific account.
Everything looks doable using the application links setup, except for the fact that you need to know the URL of the application sending the authentication information to Confluence. What do we do when this is not know? For example, what if we have multiple instances of this application at different URLs that we want to allow to access Confluence? Or, what if their URLs change?
Is there a way that we can have Confluence grant access for any incoming traffic that uses the correct basic HTTP authentication credentials regardless of what its URL is?
In short, here's what I'm trying to achieve:
You shouldn't need to do anything to configure incoming basic authentication into Confluence.
I know it's confusing but configuring incoming basic authentication via Application Links is used to make it easier to set up a 2-way link between two Application Link aware applications. These are usually Atlassian applications. For example, JIRA and Confluence.
The trick to doing what you want is that Confluence won't send a basic challenge via a 401 http response but instead will try and redirect an unauthenticated request to the login screen. Therefore, your 3rd party app will need to send the basic credentials in its request without being challenged. Does this make sense?
Interesting Ryan! So, you'd do something like this (python example)?
import urllib
f = urllib.urlopen("http://username:password@www.example.com/spacekey/pagename")
print f.read()
Strange example I know. I'm just trying to verify the syntax for passing username and password through the request. You do it this way, and not via key value pairs or some other means, correct?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, you need to set the basic Auth headers. AFAIK, that syntax depends on your browser transforming the url into a proper Basic Auth request.
I don't know python but you want something like
import urllib 
opener = urllib.URLOpener({})
opener.addheader("Authorization", "Basic " + base64.b64encode("Aladdin:open sesame"))
f = opener.open("http://www.example.com/spacekey/pagename")
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That doesn't sound too secure to me, which would be why it isn't supported. What you are saying is that you will allow anyone to access your server if they have authenticated with their own server, no matter what server it was. I think you'd be better advised to really determine who you will extend trust to.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jim!
I think the intent here is to do this: In instances of our web application, we have a certain class of users (administrators) who will be in and out of the confluence server (documentation). We will create accounts for these users in confluence, but want to provide them with a seamless experience so if they follow a link to a confluence page from our application, they will be logged in under their own account and won't be prompted for a PW.
In my initial description, "users" was a bit broad. It is NOT any user of our application...it is only administrators (and we will create accounts for each of them).
So I think what I am saying is this, "Any administer of our system will have an account created in confluence, and can follow links from our apps to pages in confluence. Authentication will take place transparently to the user when they follow these links."
-Michael
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.