Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence Rest API windows authentication.

serwan gupta
serwan gupta December 16, 2017

Hi Team, I'm looking to authenticate confluence rest api (with windows authentication). I have already implemented basic authentication but want to switch to windows authentication for obvious reason (don't want to hard-code username /password). please suggest any resource/guide to achieve this. Tired of searching Confluence Online Help but nothing got anything specific to this.

Answer
Watch
Like Be the first to like this
3490 views

3 answers

0 votes
Neha Sharma
Neha Sharma
Contributor
April 1, 2019

Hi,

I have a requirement something similar to this. I'm developing a plugin in confluence in which I have to make api calls to our internal applications from the Java code. Our internal api applications accept only NTLM authentication (Windows Authentication). Below is the code that I'm using currently, but it seems that it is not working - 

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.*;

public class NT {

    static final String kuser = "[USERNAME]"; 
    static final String kpass = "[PASSWORD]"; 

    static class MyAuthenticator extends Authenticator {
        public PasswordAuthentication getPasswordAuthentication() {
            return (new PasswordAuthentication(kuser, kpass.toCharArray()));
        }
    }

    public static void main(String[] args) throws Exception {
        CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ALL));
        Authenticator.setDefault(new MyAuthenticator());
        URL url = new URL("<api-url>");
        URLConnection connection = url.openConnection();
        InputStream ins = connection.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
        String str;
        while((str = reader.readLine()) != null)
            System.out.println(str);
    }
}

can someone suggest a get around for this please.

Thanks,

Neha 

Reply
0 votes
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 16, 2017

Hi @serwan gupta

I work for the vendor Kantega Single Sign-on.

Kerberos for REST can be enabled inside our add-ons.

Have a look at https://marketplace.atlassian.com/search?query=kantega

 

If you need any help, just write en email to our support team sso@kantega.no

 

Cheers,

Lars

View More Comments
serwan gupta
serwan gupta December 17, 2017

@Lars: I've already checked that. what I understand is it is not ATLASSIAN product and I would require to purchase it explicitly. if I already have confluence/jira licence then just for getting authentication feature i would not go for other vendor product. Moreover purchasing a plugin would require a whole new process trigger at my organisation with business justification. Also, I didn't find any code sample for (C#.NET, Angular or any other javascript library)

my question was if the basic authentication is possible without any plugin and then why not Kerberos? There should be some support from ATLASSIAN

Like
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 17, 2017

@serwan gupta 

Imaging authentications failing for 1 user, 10 users or perhaps all users. You are waiting for support, and meanwhile people are getting a blank screen. Perhaps it is not working through VPN. Is it network or DNS related? What if you have a large forest of AD`s and SSO does not work for multiple domains, or 3 standalone domain that all want to have SSO?

What I`m saying is that Kerberos is a quite tricky technology and my guess is that Atlassian does not have the expertise to handle all the support it would require. 

I would rather have this add-on delivered from a company that specializes in single sign-on.

Our support team will answer any questions within minutes. In most cases we are able to see the problem right away due to our many built-in test tools. If not, we help customers through remote screen sharing.

 

At least at the moment Atlassian has no way of offering Kerberos to JIRA/Confluence.

Cheers,
Lars

Like
Lars Olav Velle
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 17, 2017

Making an add-on that can log in a user is straight forward if you know what you are doing.

  • What if you also want users to be able to log in as a different users. (actually able to log out)
  • Authenticate to service desk, open confluence attachments without entering their username and password
  • Limit Kerberos to certain IP-ranges
  • Not break any monitoring software
  • Not break application links
  • Not break anonymously view-able pages like filters etc
  • Authenticate users even if the application does NOT require the user to authenticate
  • Etc

Many of our customers are coming to us because the internal development and testing is taking up too much time.

Atlassian changes their product from time to time, and this occasionally breaks the integrations. Sometimes it`s an easy fix, sometimes it`s not. This all depends on what you want to spend your time doing ;-)

 

-Lars 

Like
Reply
0 votes
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 16, 2017

Hi @serwan gupta,

You will need a Kerberos plugin for this. You can find many of them on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos

I work for the vendor of the IWAAC Kerberos SSO plugin.

You will find code examples (in Groovy, Powershell and Python) of REST clients authenticating with Kerberos on this page. Please note that these examples are not specific to our plugin and thus they should work with any other Kerberos vendor's plugin.

View More Comments
serwan gupta
serwan gupta December 17, 2017

@Bruno Vincent: I've already checked that. what I understand is it is not ATLASSIAN product and I would require to purchase it explicitly. if I already have confluence/jira licence then just for getting authentication feature i would not go for other vendor product. Moreover purchasing a plugin would require a whole new process trigger at my organisation with business justification. Also, I didn't find any code sample for (C#.NET, Angular or any other javascript library)

my question was if the basic authentication is possible without any plugin and then why not Kerberos? There should be some support from ATLASSIAN

Like
Bruno Vincent
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 17, 2017

Hi @serwan gupta

As of today Atlassian does not provide that feature. So you basically have two solutions:

Again, the good news about vendors plugins is that you can find many of them on Atlassian Marketplace so you can easily test them and choose the one that you like the most and best fits your needs and requirements.

Regarding code sample, JavaScript running in a browser will rely upon the browser's native Kerberos support so that should be pretty straightforward. In C#, you can use the WebClient class along with its UseDefaultCredentials property, it will have the same behaviour as in our Powershell example.

Like
serwan gupta
serwan gupta December 17, 2017

Thanks! @Bruno Vincent for the update. we will look into how to proceed on this.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.