How do I set up application links where address of 3rd party application servers is unknown?

MICHAEL O'Neill
Contributor
August 5, 2011

Hi folks!

I'd like to use Confluence's support for Basic HTTP Authentication for an Application Link to allow for a 3rd party app to log in to Confluence under a specific account.

Everything looks doable using the application links setup, except for the fact that you need to know the URL of the application sending the authentication information to Confluence. What do we do when this is not known? For example, what if we have multiple instances of this application at different URLs that we want to allow to access Confluence? Or, what if their URLs change?

Is there a way that we can have Confluence grant access for any incoming traffic that uses the correct basic HTTP authentication credentials regardless of what its URL is?

In short, here's what I'm trying to achieve:

  1. Confluence server is locked down so there is no anonymous access.
  2. Users of 3rd party system can click a link in 3rd party system to open a page in Confluence. From then on they can browse around content in Confluence until (and unless) they decide to log out (or their session times out, etc).
  3. Note: 3rd party system may be installed in multiple concurrent locations, might not know their URLs, etc...

2 answers

1 accepted

1 vote
Answer accepted
RyanA August 8, 2011

You shouldn't need to do anything to configure incoming basic authentication into Confluence.

I know it's confusing but configuring incoming basic authentication via Application Links is used to make it easier to set up a 2-way link between two Application Link aware applications. These are usually Atlassian applications. For example, JIRA and Confluence.

The trick to doing what you want is that Confluence won't send a basic challenge via a 401 HTTP response but instead will try and redirect an unauthenticated request to the login screen. Therefore, your 3rd party app will need to send the basic credentials in its request without being challenged. Does this make sense?

MICHAEL O'Neill
Contributor
August 8, 2011

Interesting Ryan! So, you'd do something like this (python example)?

import urllib
f = urllib.urlopen("http://username:password@www.example.com/spacekey/pagename")
print f.read()

Strange example I know. I'm just trying to verify the syntax for passing username and password through the request. You do it this way, and not via key value pairs or some other means, correct?


RyanA August 10, 2011

No, you need to set the Basic Auth headers. AFAIK, that syntax depends on your browser transforming the URL into a proper Basic Auth request.

I don't know Python but you want something like

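import base64
import urllib
# Python 2: attach the Authorization header up front instead of waiting for a 401 challenge
opener = urllib.URLOpener({})
opener.addheader("Authorization", "Basic " + base64.b64encode("Aladdin:open sesame"))
f = opener.open("http://www.example.com/spacekey/pagename")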
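
The approach from this answer thread as an added Python 3 example (not code from the original posts): the credentials go out in an `Authorization` header on the first request, because a server that redirects to a login page never issues the 401 that challenge-driven clients wait for. `RedirectingStub`, the `/login` path and the credentials are constructed stand-ins so the comparison runs offline.

```python
import base64
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "docs-admin", "constructed-password"  # constructed sample credentials

def basic_auth_header(user, password):
    """Authorization value: 'Basic ' + base64(user:password)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")

class RedirectingStub(BaseHTTPRequestHandler):
    """Local stand-in (assumption): never sends 401, redirects to /login instead."""
    def do_GET(self):
        authed = self.headers.get("Authorization") == basic_auth_header(USER, PASSWORD)
        if authed or self.path == "/login":
            status, body = 200, (b"page content" if authed else b"login form")
        else:
            status, body = 302, b""
        self.send_response(status)
        if status == 302:
            self.send_header("Location", "/login")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(url, preemptive):
    handlers = [urllib.request.ProxyHandler({})]  # no proxies for loopback
    request = urllib.request.Request(url)
    if preemptive:  # credentials on the first request, no challenge needed
        request.add_header("Authorization", basic_auth_header(USER, PASSWORD))
    else:  # challenge-driven: this handler only reacts to a 401
        manager = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        manager.add_password(None, url, USER, PASSWORD)
        handlers.append(urllib.request.HTTPBasicAuthHandler(manager))
    with urllib.request.build_opener(*handlers).open(request, timeout=5) as response:
        return response.read()

def demo():
    """Return (challenge-driven result, preemptive result) against the stub."""
    server = HTTPServer(("127.0.0.1", 0), RedirectingStub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/spacekey/pagename"
    try:
        return fetch(url, preemptive=False), fetch(url, preemptive=True)
    finally:
        server.shutdown()
        server.server_close()
```

`demo()` returns the login form for the challenge-driven client and the page for the preemptive one. Basic credentials are only base64-encoded, so outside a loopback demo the request should go over HTTPS.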

1 vote
Jim Birch
Rising Star
August 8, 2011

That doesn't sound too secure to me, which would be why it isn't supported. What you are saying is that you will allow anyone to access your server if they have authenticated with their own server, no matter what server it was. I think you'd be better advised to really determine who you will extend trust to.

MICHAEL O'Neill
Contributor
June 3, 2012

Hi Jim!

I think the intent here is to do this: In instances of our web application, we have a certain class of users (administrators) who will be in and out of the Confluence server (documentation). We will create accounts for these users in Confluence, but want to provide them with a seamless experience so if they follow a link to a Confluence page from our application, they will be logged in under their own account and won't be prompted for a PW.

In my initial description, "users" was a bit broad. It is NOT any user of our application...it is only administrators (and we will create accounts for each of them).

So I think what I am saying is this, "Any administrator of our system will have an account created in Confluence, and can follow links from our apps to pages in Confluence. Authentication will take place transparently to the user when they follow these links."

-Michael
