This content refers to several wiki pages managed by others. The steps listed below attempts to streamline the process required to configure Confluence with JCIFS.
 | NTLM v1 Only Configuring Confluence to work with JCIFS using the filter configuration described below only works with NTLM v1. See JCIFS Frequently Asked Questions for more information. |
 | NTLM and Anonymous Access If you want to enable NTLM with Confluence as well as allow for anonymous access with Confluence, please review NTLM and Anonymous Access. |
1. Download latest jar from http://jcifs.samba.org/src/ and place in Confluence (\confluence\WEB-INF\lib)
2. Add the attached file named "customauth-0.4.jar" to Confluence (\confluence\WEB-INF\lib)
| The customauth-0.4.jar is heavily based on the code for the "Apache custom Seraph authenticator for Confluence"
The configuration for the customauth-0.4.jar is also based on the information related to the "NTLM Authenticator for Confluence" (particularly the reference to LDAP User Management). |
3. Configure Confluence with LDAP User Management
See the attached "atlassian-user.xml" for an example integration with Active Directory.
| Customising atlassian-user.xml also contains excellent information to help understand how to edit this file. |
4. Test access to Confluence using current "Login" page with both Active Directory accounts and non-Active Directory accounts
| You will need to configure the Active Directory accounts to have appropriate permissions in Confluence (i.e.: adding to the confluence-users group) |
5. Update \confluence\web-inf\web.xml to contain additional filter settings to support JCIFS
See JCIFS NTLM HTTP Authentication for more filter examples.
5a. Add the following filter as the last filter before <filter-mapping>
You will need to change the values to match your specific environment.
Filter
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>PLACE DOMAIN CONTROLLER IP ADDRESS HERE</param-value>
</init-param>
<!--
always needed for preauthentication / SMB signatures
-->
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>PLACE DOMAIN NAME HERE (e.g., mydomain.local)</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>PLACE DOMAIN ACCOUNT HERE (do not prefix with "<domain>\")</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>PLACE DOMAIN PASSWORD HERE</param-value>
</init-param>
</filter>
5b. Add the following filter-mapping just before the "login" filter-mapping
Filter-Mapping
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
6. Set the <authenticator> in the "\confluence\WEB-INF\classes\seraph-config.xml" file to the following
<authenticator class="com.pixelpark.seraph.SSOAuthenticator"/>
Comments (2)
Mar 10
Eric Bardoux says:
Hi, Is this NTLM filter also active for rss feeds ? If so, what is the url i s...Hi,
Is this NTLM filter also active for rss feeds ?
If so, what is the url i should type to use this NTLM authentication even when calling an rss feed? For now, the default feed url shows a : os_authType=basic
Thanks
Eric
Apr 16
Bruno Domenici says:
My config works well, but now my Confluence doesn't open any content under http:...My config works well, but now my Confluence doesn't open any content under http://server:port/display/
Any idea!?
Edit:
Problem solved. Actually, the problem wasn't JCIFS, the problem was the version of servlet specification under Weblogic:
http://confluence.atlassian.com/display/DOC/Known+Issues+for+WebLogic#KnownIssuesforWebLogic-DeployingConfluence2.8(ornewer)onWeblogic9.2