Hi,
We are using Confluence 6.0.7 and want to include external pics into our pages via "Insert files and images" --> "Images from web" functionality. But the pics we are going to insert are protect via a SSO solution. Therefore Confluence is not able to retrieve the pic information since the external HTTP server returns a HTTP code 302 instead of the pic. This behavior is expected, just because HTTP server redirects any communication to the SSO provider and then displays the pic after successful authentication.
This redirection to the SSO provider is omitted once the user authenticated successfully one time. As a consequence the user has to access the pic on the server and authenticate successfully and only after that Confluence is able to retrieve the pic directly.
Actually we do not have to stick on SSO solution to protect our pics. So we are looking for ideas to protect our pics on external HTTPS servers in a way Confluence can fetch the pics without hitting any redirection or prompt for login credentials. On the other way no one except Confluence should be able to retrieve the pics.
I had some ideas like restriction of IP address on the HTTP server but that does not work. I would have to register every IP address of every user.
Or I thought about using Apaches "mod_auth_token", but is needs some calculation to create the correct link and I am not sure how implement this in Confluence.
http://docs.unified-streaming.com/tutorials/security/apache-mod-auth-token.html
Any other ideas?
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.