We use Confluence with Crowd.
We were able to log in to Confluence.
We set up seraph-config.xml for the SSO function as follows, but with the settings below we can't log in to Confluence.
-------------------------------------------------------------------
Comment out the line:-
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->
Uncomment the line:-
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
-------------------------------------------------------------------
Below are our settings for the SSO function.
What was wrong?
■crowd
real ip : 1.1.1.1:8095/crowd
gateway ip : 7.7.7.7/crowd
gateway ip's domain name : a.domain.net/crowd
apache-tomcat/conf/server.xml : proxyName="a.domain.net"
administrator - General - SSO Domain : a.domain.net
configure application with confluence
name : confluence
ip : a.domain.net/confluence
remote address : 2.2.2.2
■confluence
real ip : http://2.2.2.2/confluence
gateway ip : 7.7.7.7/confluence
gateway ip's domain name : a.domain.net/confluence
configure directory with crowd
server url = 1.1.1.1:8095/crowd
application name = confluence
■apache mod_proxy for confluence
#put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /confluence http://2.2.2.2:8090/confluence
ProxyPassReverse /confluence http://2.2.2.2:8090/confluence
<Location /confluence>
Order allow,deny
Allow from all
</Location>
■apache mod_proxy for crowd
#put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /crowd http://1.1.1.1:8095/crowd
ProxyPassReverse /crowd http://1.1.1.1:8095/crowd
<Location /crowd>
Order allow,deny
Allow from all
</Location>
■confluence - server.xml
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8090" minProcessors="5"
maxProcessors="75"
enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false" URIEncoding="UTF-8"/>
<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">
<Context path="/confluence" docBase="../confluence" debug="0" reloadable="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
</Context>
</Host>
</Engine>
<!--
To run Confluence via HTTPS:
•Uncomment the Connector below
•Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
•Restart and visit https://localhost:8443/
For more info, see http://confluence.atlassian.com/display/DOC/Adding+SSL+for+Secure+Logins+and+Page+Security
-->
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
proxyName="http://a.domain.net/" proxyPort="80"/>
</Service>
</Server>
■confluence - seraph-config.xml
<security-config>
<parameters>
<init-param>
<param-name>login.url</param-name>
<param-value>/login.action?os_destination=${originalurl}</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>/login.action</param-value>
</init-param>
<init-param>
<param-name>cookie.encoding</param-name>
<param-value>cNf</param-value>
</init-param>
<init-param>
<param-name>login.cookie.key</param-name>
<param-value>seraph.confluence</param-value>
</init-param>
<!-- only basic authentication available -->
<init-param>
<param-name>authentication.type</param-name>
<param-value>os_authType</param-value>
</init-param>
<!-- Invalidate session on login to prevent session fixation attack -->
<init-param>
<param-name>invalidate.session.on.login</param-name>
<param-value>true</param-value>
</init-param>
<!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
Currently it is empty (i.e. all attributes will be copied). -->
<init-param>
<param-name>invalidate.session.exclude.list</param-name>
<param-value></param-value>
</init-param>
</parameters>
<rolemapper class="com.atlassian.confluence.security.ConfluenceRoleMapper"/>
<controller class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"/>
<!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
<!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
<!-- Authenticator with support for Crowd single-sign on (SSO). -->
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
<!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/> -->
<services>
<service class="com.atlassian.seraph.service.PathService">
<init-param>
<param-name>config.file</param-name>
<param-value>seraph-paths.xml</param-value>
</init-param>
</service>
</services>
<elevatedsecurityguard class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"/>
</security-config>
■confluence - crowd.properties
application.name confluence
application.password ****
application.login.url http://a.domain.net/crowd/console/
crowd.server.url http://a.domain.net/crowd/services/
crowd.base.url http://a.domain.net/crowd/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
Hello Sunghwann,
As a first step, I would suggest double-checking the SSO configuration for your Crowd version; some detail of the configuration itself may be wrong (this happens). You can follow this documentation, which explains how it works and how to configure it:
https://confluence.atlassian.com/display/CROWD025/Single+Sign-On
If that doesn't help, I would suggest raising a support ticket on our support site, support.atlassian.com, so we can take a better look at your environment in order to find a resolution/workaround for you.
I hope this helps.
Best Regards,
LJ.
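Part of the double-check suggested above can be scripted. The following is an added example, not part of the thread or of Atlassian's documentation: it lints the Tomcat `<Connector>` proxy attributes and tests whether each browser-facing URL can carry a cookie scoped to the Crowd SSO domain. The sample input is constructed from the settings in the question, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, reduced from the server.xml and URLs in the question.
SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" enableLookups="false" redirectPort="8443"/>
    <Connector port="8090" proxyName="http://a.domain.net/" proxyPort="80"/>
  </Service>
</Server>"""
BROWSER_URLS = [
    "http://a.domain.net/confluence",
    "http://a.domain.net/crowd",
    "http://2.2.2.2/confluence",
]

def lint_connectors(server_xml):
    """Return findings for the <Connector> elements of a Tomcat server.xml."""
    findings = []
    for service in ET.fromstring(server_xml).iter("Service"):
        seen_ports = set()
        for conn in service.iter("Connector"):
            port = conn.get("port")
            if port in seen_ports:
                # Only one Connector per Service can bind a given port.
                findings.append(f"duplicate Connector on port {port}")
            seen_ports.add(port)
            name = conn.get("proxyName")
            # proxyName is the value request.getServerName() returns:
            # a bare host name, with no scheme, port or path.
            if name is not None and ("/" in name or ":" in name):
                findings.append(f"proxyName {name!r} is not a bare host name")
    return findings

def lint_sso_hosts(urls, sso_domain):
    """Return URLs whose host cannot carry a cookie scoped to sso_domain."""
    suffix = sso_domain.lstrip(".").lower()
    findings = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        # A browser keeps a domain cookie only when the request host
        # equals the cookie domain or is a subdomain of it.
        if host != suffix and not host.endswith("." + suffix):
            findings.append(f"{url} cannot carry a cookie scoped to {sso_domain}")
    return findings

if __name__ == "__main__":
    for finding in lint_connectors(SERVER_XML) + lint_sso_hosts(BROWSER_URLS, "a.domain.net"):
        print("WARN:", finding)
```

An empty result from both functions means only that these two prerequisites hold; it does not cover the Crowd application settings themselves.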
Hi Sunghwann,
What is your Crowd / Confluence?
Regards,
Sven.