Confluence SSO/Pass through authentication - via config, plugin or crowd?

John Rehill October 11, 2012

Hi all,

We are using Confluence 4.3.1 and the process has started to roll it out to our entire organisation.

We now have a request that external users will need a space to access information but we want to keep all our other spaces and information hidden from them.

We have had Confluence integrated with our AD for a couple of years now but with the rollout, staff are starting to complain that they have to log into Confluence even for simple things, like looking up HR policies. So I am looking to have a SSO/pass-through authentication setup so that users don't need to log in again to the site after they have logged into their workstation.

Is this possible either by the Confluence config, a plugin or will I need Crowd? If I need Crowd, I have been told to look into the cost of licensing but from what I've read, Crowd is used when you are using multiple Atlassian products and want a single sign in for all of them. While we have other Atlassian products in use such as JIRA and Bamboo, they are only for limited users, and are kept separate from Confluence for now.

Is this sort of integration possible?

4 answers

1 accepted

0 votes
Answer accepted
Deleted user October 16, 2012

Hi John,

Crowd is only for Atlassian products so you will have two logins (first Windows, then Crowd).

I never tried to connect a Confluence to an IIS but as I understand authentication via IIS, it uses NTLM. NTLM is still supported but deprecated and Microsoft's Kerberos is the protocol of choice. And you need an IIS.

I recommend a Kerberos plugin for Confluence. Our developers have written plugins and we already realized SSO/Kerberos solutions in bigger companies. These solutions are working fine.

2 votes
Jobin Kuruvilla [Adaptavist]
October 11, 2012

If you are on Windows, you can try using integrated Windows Authentication via IIS.

Sharepoint Connector has the documentation for this. Will it help?

https://confluence.atlassian.com/display/SPCON011/Access+Confluence+using+Integrated+Windows+Authentication+via+IIS

See the known issues before you proceed.

John Rehill October 14, 2012

This would probably be a solution but we need to still have anonymous access as the external staff will not have domain logins. Also we don't use Sharepoint in our organisation, though it seems this merely uses a configuration connector and does not need a Sharepoint setup. Am I wrong in that thinking?

Jobin Kuruvilla [Adaptavist]
October 14, 2012

No need for Sharepoint connector. Authenticator would be sufficient. But anonymous access is not possible via this setup.

NielsJ
October 16, 2012

You could provide an account anonymous/anonymous in the local Confluence user directory for anonymous access. Then you could integrate a button "log in as anonymous" on the login screen that does the job for you. Then everybody can log in as anonymous...

1 vote
JohnA
October 11, 2012

Hi John,

From the sounds of it, Crowd is indeed the product for you to implement an SSO solution across your Atlassian applications (and any other apps that conform to the OpenID format). As part of configuring Crowd, you can set different access parameters for each application so that only the intended users are able to access them and each application can have different access parameters.

Unfortunately though, SSO cannot be implemented just through the Confluence config, and whilst there is a plugin for SSO I suspect that it will go beyond your requirements: https://marketplace.atlassian.com/plugins/com.appfusions.confluence.sso.confluence-sso-authenticator

Therefore I would recommend you investigate Crowd as a solution for this implementation.

All the best,
John

John Rehill October 14, 2012

I am willing to go with Crowd, however I need to know will users still have to log into Crowd? I want to have a completely transparent login process.

Renjith Pillai
October 16, 2012

Not needed, once the user is logged in to the Windows machine, it will be directly used for Confluence.

0 votes
John Rehill October 16, 2012

Can anyone else follow up with this? To clarify, I need a completely transparent login process for Confluence but still have the ability to log in as another user/log out if need be or to still have anonymous access to certain spaces.
