| Name | RADIUS Authenticator for Confluence and Jira |
|---|---|
| Vendor | Comala Technology Solutions, Inc. (Website) |
| Author(s) | Roberto Dominguez |
| Homepage | http://confluence.atlassian.com/display/CONFEXT/RADIUS+Authenticator+for+Confluence+and+Jira |
| Categories | Single Sign-on and Authentication |
| Version | 1.0 |
| Availability | Confluence 2.3.3, Jira 3.6.5 |
| State | Stable |
| Price | Free |
| License | Open Source (BSD) |
| Download JAR | radiusauth-1.0.jar (md5 6c25957368025677a65d5654903db291) |
| Download Source | radiusauth-1.0-src.jar (md5 e9970d74e6a148ba68e96ea9bea5a27b) |
Overview
A very simple RADIUS authenticator for Confluence and Jira that can be used for SecurID token authentication.
It is a very simple implementation, with only a few classes and uses no third party libraries.
It contains a tool that can be used to validate the RADIUS server connection.
Installation
Copy radiusauth-1.0.tar (md5 6c25957368025677a65d5654903db291) into Jira/Confluence's WEB-INF/lib
Configuration
 | Before changing Confluence or Jira, it is recommended that you test the radius server before. |
Edit WEB-INF/classes/seraph-config.xml and replace the existing <authenticator> element with the following:
<authenticator class="CONFLUENCE_OR_JIRA_AUTHENTICATOR">
<init-param>
<param-name>radiusauth.server</param-name>
<param-value>YOUR_RADIUS_SERVER_HOST_OR_IP</param-value>
</init-param>
<init-param>
<param-name>radiusauth.shared-secret</param-name>
<param-value>THE_SHARED_SECRET</param-value>
</init-param>
<init-param>
<param-name>radiusauth.port</param-name>
<param-value>1812</param-value>
</init-param>
<init-param>
<param-name>radiusauth.timeout</param-name>
<param-value>6000</param-value>
</init-param>
<init-param>
<param-name>radiusauth.attempts</param-name>
<param-value>3</param-value>
</init-param>
</authenticator>
| Parameter | Description | Default |
|---|---|---|
| authenticator class | com.comalatech.seraph.auth.ConfluenceRadiusAuthenticator com.comalatech.seraph.auth.JiraRadiusAuthenticator |
|
| radiusauth.server | ip-address/host of the Radius Server | |
| radiusauth.shared-secret | Shared-secret | |
| radiusauth.port | Authentication Port | 1812 |
| radiusauth.timeout | Time out for the UDP socket | 6000 |
| radiusauth.attempts | number of attempts to contact the Radius Server | 3 |
 | You will need to restart the server |
Version History
| Version | Description |
|---|---|
| 1.0 | Changed license to BSD and provide now a binary distribution |
| 0.9 | Initial public release |
Troubleshooting
Testing RADIUS Authentication
You can test the RADIUS authentication independently by running the test application
java -classpath radiusauth-1.0.jar com.comalatech.radius.RadiusAuthenticator <host> <shared-secret>
RSA Authentication Manager configuration
- You have to define Both an Agent Host and a RADIUS Client with the IP address of the Confluence server. Make sure you select Standard Radius as Make/Model
Logs
- look at the logs directory for obvious issues. The authenticator is pretty silent, but proper exception handling was used to ensure any error is logged by Confluence.
- You'll have a better idea of what's going on by looking at the Radius Server logs
Limitations
- It performs basic authentication and validates only that the response is Access-Accept and does not check any of the response attributes
- Supports only PAP
- Single RADIUS server
- Was meant to work with RSA's RADIUS server, so I didn't get to test it with other servers, but it is pretty standard.
- Tested on Jira 3.6.5-#161 and Confluence 2.3.3 Build:#527
Acknowledgments
The RADIUS client was written based on jradius-client but reduced to only three classes.
To do
- CHAP
- Support for multiple RADIUS servers
- Logging failed attempts?
- Option to use regular authentication if loging in form local network?