Configure Confluence to Use a Custom Authenticator and JCIFS

This page draws on several wiki pages managed by others. The steps listed below attempt to streamline the process required to configure Confluence with JCIFS.

NTLM v1 Only
Configuring Confluence to work with JCIFS using the filter configuration described below only works with NTLM v1. See JCIFS Frequently Asked Questions for more information.
NTLM and Anonymous Access

If you want to enable NTLM with Confluence as well as allow for anonymous access with Confluence, please review NTLM and Anonymous Access.
1. Download the latest jar from http://jcifs.samba.org/src/ and place it in Confluence (\confluence\WEB-INF\lib)
2. Add the attached file named "customauth-0.4.jar" to Confluence (\confluence\WEB-INF\lib)
The customauth-0.4.jar is heavily based on the code for the "Apache custom Seraph authenticator for Confluence"

The configuration for the customauth-0.4.jar is also based on the information related to the "NTLM Authenticator for Confluence" (particularly the reference to LDAP User Management).

3. Configure Confluence with LDAP User Management

See the attached "atlassian-user.xml" for an example integration with Active Directory.

Customising atlassian-user.xml also contains excellent information to help understand how to edit this file.
4. Test access to Confluence using the current "Login" page with both Active Directory accounts and non-Active Directory accounts
You will need to configure the Active Directory accounts to have appropriate permissions in Confluence (i.e., by adding them to the confluence-users group)
5. Update \confluence\WEB-INF\web.xml to contain additional filter settings to support JCIFS

See JCIFS NTLM HTTP Authentication for more filter examples.

5a. Add the following filter as the last filter before <filter-mapping>

You will need to change the values to match your specific environment.

Filter
<filter>
     <filter-name>NtlmHttpFilter</filter-name>
     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

     <init-param>
	<param-name>jcifs.http.domainController</param-name>
	<param-value>PLACE DOMAIN CONTROLLER IP ADDRESS HERE</param-value>
     </init-param>

     <!--
	always needed for preauthentication / SMB signatures
     -->
     <init-param>
	<param-name>jcifs.smb.client.domain</param-name>
	<param-value>PLACE DOMAIN NAME HERE (e.g., mydomain.local)</param-value>
     </init-param>
     <init-param>
	<param-name>jcifs.smb.client.username</param-name>
	<param-value>PLACE DOMAIN ACCOUNT HERE (do not prefix with "DOMAIN\")</param-value>
     </init-param>
     <init-param>
	<param-name>jcifs.smb.client.password</param-name>
	<param-value>PLACE DOMAIN PASSWORD HERE</param-value>
     </init-param>
</filter>
5b. Add the following filter-mapping just before the "login" filter-mapping
Filter-Mapping
<filter-mapping>
     <filter-name>NtlmHttpFilter</filter-name>
     <url-pattern>/*</url-pattern>
</filter-mapping>
6. Set the <authenticator> in the "\confluence\WEB-INF\classes\seraph-config.xml" file to the following
    <authenticator class="com.pixelpark.seraph.SSOAuthenticator"/>
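An added example, not part of the original page or of the JCIFS or Confluence code: a Python check that a web.xml edited per steps 5a and 5b has no placeholder left in it, keeps the account unprefixed, and maps NtlmHttpFilter before the "login" mapping. It assumes the login filter is named `login`; the sample XML, IP address and account name are constructed.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("jcifs.http.domainController", "jcifs.smb.client.domain",
            "jcifs.smb.client.username", "jcifs.smb.client.password")

# Constructed sample: one placeholder left in, no password param, a
# domain-prefixed account, and the NTLM mapping placed after "login".
SAMPLE = r"""<web-app>
<filter><filter-name>NtlmHttpFilter</filter-name>
 <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
 <init-param><param-name>jcifs.http.domainController</param-name><param-value>192.0.2.10</param-value></init-param>
 <init-param><param-name>jcifs.smb.client.domain</param-name><param-value>PLACE DOMAIN NAME HERE</param-value></init-param>
 <init-param><param-name>jcifs.smb.client.username</param-name><param-value>EXAMPLE\svc-wiki</param-value></init-param>
</filter>
<filter-mapping><filter-name>login</filter-name><url-pattern>/*</url-pattern></filter-mapping>
<filter-mapping><filter-name>NtlmHttpFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

def _name(el):
    # Tag name with any XML namespace stripped (real web.xml files declare one).
    return el.tag.rsplit("}", 1)[-1]

def _child_text(el, name):
    return next(((c.text or "").strip() for c in el if _name(c) == name), "")

def audit_web_xml(xml_text):
    """Return a list of findings for the NtlmHttpFilter setup in web.xml."""
    root, findings = ET.fromstring(xml_text), []
    filters = [e for e in root if _name(e) == "filter"
               and _child_text(e, "filter-class") == "jcifs.http.NtlmHttpFilter"]
    if not filters:
        return ["no jcifs.http.NtlmHttpFilter <filter> found"]
    params = {_child_text(p, "param-name"): _child_text(p, "param-value")
              for p in filters[0] if _name(p) == "init-param"}
    for key in REQUIRED:
        if key not in params:
            findings.append(f"missing init-param {key}")
        elif params[key].upper().startswith("PLACE "):
            findings.append(f"placeholder left in {key}")
    if "\\" in params.get("jcifs.smb.client.username", ""):
        findings.append("username carries a domain prefix")
    fname = _child_text(filters[0], "filter-name")
    order = [_child_text(m, "filter-name") for m in root if _name(m) == "filter-mapping"]
    if fname not in order:
        findings.append(f"no filter-mapping for {fname}")
    elif "login" in order and order.index(fname) > order.index("login"):
        findings.append(f"{fname} mapping comes after the login mapping")
    return findings
```

Once configured, web.xml holds the domain account's password in cleartext, so restrict read access to the file to the account that runs Confluence.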
  1. Mar 10

    Eric Bardoux says:

    Hi,

    Is this NTLM filter also active for RSS feeds?

    If so, what is the URL I should type to use this NTLM authentication even when calling an RSS feed? For now, the default feed URL shows: os_authType=basic

    Thanks

    Eric

  2. Apr 16

    Bruno Domenici says:

    My config works well, but now my Confluence doesn't open any content under http://server:port/display/

    Any idea!?

    Edit:

    Problem solved. Actually, the problem wasn't JCIFS; the problem was the version of the servlet specification under WebLogic:

    http://confluence.atlassian.com/display/DOC/Known+Issues+for+WebLogic#KnownIssuesforWebLogic-DeployingConfluence2.8(ornewer)onWeblogic9.2