Configure Confluence to Use a Custom Authenticator and JCIFS
This content refers to several wiki pages managed by others. The steps listed below attempts to streamline the process required to configure Confluence with JCIFS.
| NTLM and Anonymous Access If you want to enable NTLM with Confluence as well as allow for anonymous access with Confluence, please review NTLM and Anonymous Access. |
1. Download latest jar from http://jcifs.samba.org/src/ and place in Confluence (\confluence\WEB-INF\lib)
2. Add the attached file named "customauth-0.4.jar" to Confluence (\confluence\WEB-INF\lib)
The customauth-0.4.jar is heavily based on the code for the "Apache custom Seraph authenticator for Confluence" |
3. Configure Confluence with LDAP User Management. See the attached "atlassian-user.xml" for an example integration with Active Directory
| Customising atlassian-user.xml also contains excellent information to help understand how to edit this file. |
4. Test access to Confluence using current "Login" page with both Active Directory accounts and non-Active Directory accounts
| You will need to configure the Active Directory accounts to have appropriate permissions in Confluence (i.e.: adding to the confluence-users group) |
5. Update \confluence\web-inf\web.xml to contain additional filter settings to support JCIFS. See JCIFS NTLM HTTP Authentication for more filter examples.
5a. Add the following filter as the last filter before <filter-mapping>. You will need to change the values to match your specific environment.
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>PLACE DOMAIN CONTROLLER IP ADDRESS HERE</param-value>
</init-param>
<!--
always needed for preauthentication / SMB signatures
-->
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>PLACE DOMAIN NAME HERE (e.g., mydomain.local)</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>PLACE DOMAIN ACCOUNT HERE (do not prefix with "<domain>\")</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>PLACE DOMAIN PASSWORD HERE</param-value>
</init-param>
</filter>
5b. Add the following filter-mapping just before the "login" filter-mapping.
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
6. Set the <authenticator> in the "\confluence\WEB-INF\classes\seraph-config.xml" file to the following.
<authenticator class="com.pixelpark.seraph.SSOAuthenticator"/>
