Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Basic authentication delegation with TMG

Ole Erik Skare
Ole Erik Skare
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 19, 2012

Hi!

Is there someone here using TMG as reverse proxy for access to Confluence?

I can access Confluence through TMG, but delegation of credentials does not work, so I get asked for creds. two times. Once for TMG and once for Confluence. Team Calendar subscription from Outlook does not work because of this.

The listener is set to provide HTTP Authentication Basic, and authentication delegation is set to basic authentication. Somehow TMG is unable to pass credentials to Confluence. I have not done any configuration changes to Confluence with regards to this as I do not know what to do.

Some hints would be appreciated :)

Answer
Watch
Like Mehmet Kazgan likes this
974 views

1 answer

0 votes
Manse Wolken
Manse Wolken
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 23, 2015

Well,  a bit late maybe...

But this is how it works:

Client -> (TMG) -> (IIS on Confluence Server) -> Confluence (via AJP)

Confluence uses a custom authenticator which enables it to use the remote-user header (and trusting it fully).

The IIS is for authentication of the user (kerberos or NTLM). The TMG will act as a proxy and thus have the users NTLM or kerberos Session (that is why the user only has to authenticate at the TMG).

 

A different setup would be:

  1. Using Apache or an other kerberos enabled web server
  2. Using Plugins to enable Confluence to use kerberos directly. (There is at least one provider, because we use this solution for Jira)

Other solutions are, of course, possible.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events