NTLM Authentication

Added by Jeff Turner, last edited by Jean-Baptiste Catté on Dec 01, 2008  (view change)
Name NTLM Authentication
Version 0.5.2
Author(s) Daniel Pavel
Download latest stable version is 0.5.2, latest beta is 0.5.3
Source (Subversion) http://svn.atlassian.com/svn/public/contrib/jira/ntlmauth4jira
License BSD
JIRA Version(s) 3.6, 3.7
Issue Tracking http://developer.atlassian.com/jira/browse/NTLM
JIRA bug# http://jira.atlassian.com/browse/JRA-2398
Source Download  

News

  • 2007-09-10 : beta 0.5.3 uploaded
    • fixed NTLM-1
    • attempts to fix some plain form login issues
  • 2007-02-07 : bugfix release 0.5.2, Jira-only
    • support for Jira 3.6 & 3.7
    • allow uppercase in username
    • workaround for RPC support
    • detect basic authentication attempts
  • 2007-02-05 : new release 0.6.2-rc1 (broken, don't use it)
    • should work with Jira 3.6 & 3.7
    • new domain settings detection code
  • 2006-03-26 : bugfix release 0.5.1

General Description

This package (ntlmauth for Jira) is a NTLM-aware authentication filter for Atlassian Jira. It adds support for SSO in a corporate intranet.

The idea is to support NTLM login for one or more Windows domains, while also allowing the standard (form) Jira login when NTLM is not available or not allowed to the user. NTLM login can be restricted to a certain group of users within Jira.

The filter does all the NTLM business through jCIFS (http://jcifs.samba.org), so the computer Jira runs on must be part of a Windows domain.

Because this authentication feature is most likely to be used inside Windows AD intranets, the filter can, optionally, auto-create successfully authenticated domain users that do not already exist in Jira. This should make the initial deployment of Jira inside such network configurations somewhat easier.

For AD domains, if a LDAP configuration is associated, some user data can be pulled from the LDAP server (full user name and email). Access to Jira through NTLM can be limited to a certain LDAP group. Also, user login is allowed only if the user, property authenticated through NTLM, is also present in the LDAP server.

Known Issues

jcifs.smb.SmbAuthException: Invalid access to memory location

Occurs when more than one Domain Controller might respond to an authentication request (e.g. you have a primary and a backup DC).
NTLM being a two-phase protocol, ntlmauth4jira might send the two requests to different DCs. In this case, the second DC will not recognize the primary request as originating from itself, and will deny access.
Workaround: specify a domainController in your ntlm_auth.properties file. A fix is in the works.

Labels

plugin plugin Delete
ntlm ntlm Delete
nt nt Delete
domain domain Delete
windows windows Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Comments (123)

 

  1. Mar 17, 2006

    Lars Torunski says:

    Daniel, please add your source and the binaries in a "standard" zip-file under "...

    Daniel, please add your source and the binaries in a "standard" zip-file under "Attachments" in Confluence. Not all users and companies have a bz2 uncompress tool installed.

  2. Aug 24, 2006

    Jakob Gormsen says:

    Does someone have experiences with using this plugin with JIRA 3.6? - In that ca...

    Does someone have experiences with using this plugin with JIRA 3.6? - In that case: Does it work with JIRA 3.6?

  3. Aug 28, 2006

    Wojciech Seliga says:

    It worked fine for us with version 3.6.2, but after recent upgrade to 3.6.4 it s...

    It worked fine for us with version 3.6.2, but after recent upgrade to 3.6.4 it seems it stopped working...

    Daniel: have you checked it?

    BTW: great plugin  

    1. Oct 10, 2006

      Wojciech Seliga says:

      Hmm, after a few restarts, NTLM with 3.6.4 also works fine.

      Hmm, after a few restarts, NTLM with 3.6.4 also works fine.

  4. Oct 31, 2006

    Paolo Di Tommaso says:

    I'm using this plug-in with JIRA 3.6.5. It  works fine with Firefox but I'v...

    I'm using this plug-in with JIRA 3.6.5. It  works fine with Firefox but I've experienced the following problem with Internet Explorer.

    Since Windows domain names are case insensitive, if any names contains upper case characters Internet Explore will pass to JIRA as is.

    But JIRA accepts as valid names only lower case strings and so login will fail.

    I've solved with the simple attached path.

    - Paolo

    1. Nov 06, 2006

      Christian Hille says:

      Paolo, I'm running JIRA on windows and it seems that I run into the same as you ...

      Paolo, I'm running JIRA on windows and it seems that I run into the same as you with ntlm authentication.

      How can I recreate the jar file on windows with your changes? Can you send me the jar file with your changes?

      - Christian 

  5. Nov 03, 2006

    Christian Hille says:

    I'm new to jira. We have jira running on windows. How do I get the plugin into m...

    I'm new to jira. We have jira running on windows. How do I get the plugin into my installation?

    I copied jcifs-1.2.9.jar and ntlmauth-0.5.1.jar into atlassian-jira\WEB-INF\lib and restarted several times. But plugin does not appear in plugin list.

    What is my fault?

     - Christian

    1. Nov 06, 2006

      Christian Hille says:

      I got it running but it seems that I have the same as Paolo one comment before. ...

      I got it running but it seems that I have the same as Paolo one comment before. The ntlm says ok, but I will not login into jira.

      - Christian

    2. Feb 12, 2007

      Daniel Pavel says:

      The extension is not a plugin per se - it does not register as a Jira plugin...

      The extension is not a plugin per se - it does not register as a Jira plugin, and cannot be enabled/disabled from the plugins administration page.

  6. Dec 15, 2006

    Jessica King says:

    I followed the basic install instructions and configured my properties file for ...

    I followed the basic install instructions and configured my properties file for my domain, but the authentication isn't working. I get the NTLM popup, but it won't authenticate. I've tried in both Firefox and IE, and I've tried with and without the domain prefix. I'm running JIRA Version 3.6.5-#161 under Java 1.5.0_09.

    Any ideas?

    1. Feb 06, 2007

      Daniel Pavel says:

      Hello, Could you send me a relevant log fragment (with NTLM initialization and ...

      Hello,

      Could you send me a relevant log fragment (with NTLM initialization and a few requests), after setting log level to DEBUG for ro.softwin (in WEB-INF/classes/log4j.properties) ?

      Thanks,
      -Daniel

  7. Jan 14, 2007

    Eric Li says:

    Is this package (ntlmauth for Jira) work for Confluence 2.3? Eric 

    Is this package (ntlmauth for Jira) work for Confluence 2.3?

    Eric 

    1. Jan 15, 2007

      Mike says:

      There is a NTLM authenticator for Confluence at http://svn.atlassian.com/fisheye...

      There is a NTLM authenticator for Confluence at http://svn.atlassian.com/fisheye/viewrep/public/contrib/confluence/ntlm-authenticator (not sure if it works with 2.3 though)

  8. Jan 25, 2007

    Jeff Kwan says:

    Looks like there are several bugs in the NTLM Auth and 3.7.x. 1)  Printabl...

    Looks like there are several bugs in the NTLM Auth and 3.7.x.

    1)  Printable and XML views of individual issues appears broken.  Looks like it might have something to do with the redirect

    2)  Editing the name of a Component fails, gives a permissions error.

    1. Feb 02, 2007

      Wojciech Seliga says:

      Hi, I also discovered exactly the same problems with NTLM plugin with JIRA 3.7....

      Hi,

      I also discovered exactly the same problems with NTLM plugin with JIRA 3.7.3. I will try to investigate the problem as no NTLM for us is a showstopper to upgrade to 3.7.3.

      Wojtek 

  9. Feb 05, 2007

    Daniel Pavel says:

    Hello, I've uploaded a newer version that should work with JIRA 3.6 and 3.7. Th...

    Hello,

    I've uploaded a newer version that should work with JIRA 3.6 and 3.7.
    The uppercase usernames issue should be fixed as well.

    This version is still a RC, if you have any issues with it please let me know.

    Cheers,
    -Daniel

    1. Feb 05, 2007

      Wojciech Seliga says:

      Daniel, Thanks a lot for your work. I checked your plugin and it more or less w...

      Daniel,

      Thanks a lot for your work. I checked your plugin and it more or less works with JIRA 3.7.3 in our corporate environment.
      I've written "more or less" as contrary to version 0.5.x now I have problems with accessing some of our DC-s (we have a few Active Directory domains and some of domain controllers cannot be reached), thus effective people for these domains have no NTLM.
      In log file I have (I specially changed our DC address to something dummy):

      Feb 5, 2007 4:02:51 PM ro.softwin.elearning.jiratools.SMBHelper findDCPort
      WARNING: SMB connection failed on InetAddress mydc.mycompany.com/100.101.102.103:139
      jcifs.smb.SmbException:
      jcifs.util.transport.TransportException: Connection timeout
      at jcifs.util.transport.Transport.connect(Transport.java:178)
      at jcifs.smb.SmbTransport.connect(SmbTransport.java:287)
      at jcifs.smb.SmbSession.getChallenge(SmbSession.java:146)
      at ro.softwin.elearning.jiratools.SMBHelper.findDCPort(SMBHelper.java:62)
      at ro.softwin.elearning.jiratools.DomainConfig.confirmDC(DomainConfig.java:228)
      at ro.softwin.elearning.jiratools.DomainConfig.readConfig(DomainConfig.java:115)
      at ro.softwin.elearning.jiratools.DomainConfig.<init>(DomainConfig.java:96)
      at ro.softwin.elearning.jiratools.NTLMConfig.readConfigurationS(NTLMConfig.java:94)
      at ro.softwin.elearning.jiratools.NTLMConfig.readConfiguration(NTLMConfig.java:61)
      at ro.softwin.elearning.jiratools.NTLMConfig.read(NTLMConfig.java:189)
      at ro.softwin.elearning.jiratools.AbstractNTLMLoginFilter.init(AbstractNTLMLoginFilter.java:90)
      at ro.softwin.elearning.jiratools.NTLMLoginFilter.init(NTLMLoginFilter.java:139)
      at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:223)
      ...
      Feb 5, 2007 4:53:40 PM ro.softwin.elearning.jiratools.NTLMConfig readConfigurationS
      WARNING: failed to properly init domain MYDOMAIN.MYCOMPANY.COM, disabled

      Any ideas? The previous version worked without any problem for many weeks...

      Another thing:
      Do I understand correctly that now in properties files "domain" property should include fully qualified domains? My previous settings included only the first part of domain name - however the new version of this plugin fails with it.

      When will you commit the sources to SVN to enable others debugging & analyzing the sources?

      Great work!

      Regards,
      Wojtek

      1. Feb 06, 2007

        Daniel Pavel says:

        Hello, For the first problem: in previous versions, localhost was used as a fal...

        Hello,

        For the first problem: in previous versions, localhost was used as a fallback DC, when a DC wasn't specified for the domain. This version does its best to autodetect DC and no longer uses localhost. Not the best idea, apparently.

        Try using "MYDOMAIN.domainController = localhost" in your configuration file. There's one thing I don't understand though – if those other DCs are not available (no direct connection, or machine down?), how did it work before? Trust domains?

        Second thing: you can now specify either "mydomain.mycompany.com", or "MYDOMAIN" in the configuration file. Having just the NetBios name (MYDOMAIN) allows me to guess the DC for the domain. Having the whole DNS name allows me to guess the exact DC and LDAP server address for that domain (LDAP credentials still have to be specified, though). But NTLM by itself should work with either configuration.

        As far as svn goes, I'll have to talk first to the Atlassian guys to give me access .

        Cheers,
        -Daniel

        1. Feb 06, 2007

          Wojciech Seliga says:

          Daniel, Thanks for your explanation. In fact I haven't set domainController. Bu...

          Daniel,

          Thanks for your explanation.
          In fact I haven't set domainController. But when I set it to "localhost" then often I get famous "jcifs.smb.SmbAuthException: Invalid access to memory location" exception.
          Now I am trying with separate domainController setting for each domain (with concrete DC host names instead of generic ones dynamically resolved in round-robin manner). It seems to work then.

          How it worked before: no idea
          For previous version I had no domainController setting too, but plugin somehow knew what to connect. We have dozens of domain controllers controlling our several trusted domains. At times, some DC-s may be down - and it should not cause NTLM to stop working as the authentication requests should dynamically be routed to up-and-running servers.

          With jcifs 1.2.9 and your old plugin I could just list all domains (not fully qualified). With jcifs 1.2.13 and both old and new plugin I have to fully qualify all my domains in domains setting.

          To receive access to SVN just write e-mail to SVN developer support.

          Regards,
          Wojtek

          1. Feb 25, 2007

            Erich Oliphant says:

            I think this may be similar.  I am using the latest version 0.5.2, i am run...

            I think this may be similar.  I am using the latest version 0.5.2, i am running on a linux server so I am specifying as single 'domain' and a 'domainController'.  At startup I am getting the following exception:

            2007-02-25 23:28:52,165 main WARN [softwin.elearning.jiratools.SMBHelper] SMB connection failed on InetAddress 192.168.3.11/192.168.3.11
            jcifs.smb.SmbException:
            jcifs.util.transport.TransportException
            java.net.ConnectException: Connection refused

             This IP address is that of the localhost, not the address I specified for the domainController.  Is this that 'fallback' behavior ?  I've upper and lower-cased the domain name to no avail.

            1. Feb 26, 2007

              Daniel Pavel says:

              Hello, When the configuration is read, ntlmauth4jira checks the localhost for a...

              Hello,

              When the configuration is read, ntlmauth4jira checks the localhost for a SMB connection, in case no DC is given. If you're running on Linux, and haven't configured SAMBA to act as a DC, then the WARN message is normal behaviour.

              If you get no such message about the DC you've configured, it means that DC has been contacted, so all should be ok.

              But I take it from your post that NTLM authentication does not work for you? Do you get any other WARNings or ERRORs ?

              Cheers,
              -Daniel

              1. Feb 26, 2007

                Erich Oliphant says:

                Ah ok, understood.  Yes at the end of those exceptions I see: "Could not co...

                Ah ok, understood.  Yes at the end of those exceptions I see: "Could not connect to localhost's Windows authentication source!" 

                Are there any kind of positive messages I should be seeing, indicating that it was able to contact the domain ?  I added the log4j mods per the instructions.

                Also, on another note.  We have an outlook plugin that talks to JIRA via the SOAP/RPC interface.  Was wondering if you had any idea about what it would take to write a new login() method for the RPC that used NTLM. 

  10. Feb 07, 2007

    Daniel Pavel says:

    Ok, so the 0.6.2-rc1 version was a fluke, don't use it. I've uploaded 0.5.2, wh...

    Ok, so the 0.6.2-rc1 version was a fluke, don't use it.

    I've uploaded 0.5.2, which is 0.5.1 with bug fixes. This version should fare better.

    Cheers,
    -Daniel

    1. Feb 09, 2007

      Wojciech Seliga says:

      Daniel, Yesterday I installed 0.5.2 in production environment. Till now (about ...

      Daniel,

      Yesterday I installed 0.5.2 in production environment. Till now (about 20 hours) I haven't had any problems with that: people from different AD domains can login, I have no exceptions, auto creation of the users works fine, problems reported by Jeff Kwan (http://confluence.atlassian.com/display/JIRAEXT/NTLM+Authentication?focusedCommentId=8585582#comment-8585582) are solved .

      Thanks,

      Wojtek

  11. Feb 08, 2007

    Matthew Janulewicz says:

    Does anyone know the proper syntax to use when attempting a login via RPC using ...

    Does anyone know the proper syntax to use when attempting a login via RPC using NTLM? I want to check out some of the other plugins/apps here (Jira tray, namely) that uses RPC to log in, but it seems to reject me. The log is giving various '500' and '401' errors. I've tried:

    DOMAIN\user

    DOMAIN
    user

    user

    All with and without a password. Is there some other syntax I should use, or is this just a known limitation of a RPC/NTLM combo? Thanks!

    -mattyj 

    1. Feb 09, 2007

      Wojciech Seliga says:

      Matthew, I could login via RPC only if NTLM filter was omitted for RPC calls. S...

      Matthew,

      I could login via RPC only if NTLM filter was omitted for RPC calls. Some time ago Jeff Turner corrected installation notes (see INSTALL file)

      In web.xml you have to set the following filter configuration to effectively disable NTLM for RPC calls:

      <filter-mapping>
      <filter-name>login_jira</filter-name>
      <url-pattern>/rpc/*</url-pattern>
      </filter-mapping>
      <filter-mapping>
      <filter-name>login_ntlm</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>

      It works for me.

      Regards,
      Wojtek

  12. Feb 16, 2007

    Josh LeBow says:

    Hello,   My organization is testing this plugin for possible inclusion with our ...

    Hello,  
    My organization is testing this plugin for possible inclusion with our JIRA 3.7.3 rollout and I've noticed one odd behavior.  If a user is logged into a Windows domain account with no corresponding JIRA account (and with autoCreate set to no) that user cannot log in to JIRA even with a local JIRA account.  This error is logged: 
    ERROR [softwin.elearning.jiratools.NTLMLoginFilter] username: NTLM went ok but could log in.  Disabling NTLM for this session. 
    Is this the intended behavior or did we make an error in configuring the plugin?  Thanks!

    1. Feb 16, 2007

      Daniel Pavel says:

      Hello, Yes, this is the intended behaviour – or at least, this is the way...

      Hello,

      Yes, this is the intended behaviour – or at least, this is the way I thought it should work.

      You can go straight to the standard JIRA login page at <jira-server-url>/login.jsp (and bypass NTLM authentication completely). This works for all JIRA users, with or without a Windows domain acoount.

      In the case you've described, however, I guess a more graceful solution would be to redirect to the login.jsp page directly.

      Cheers,
      -Daniel

      1. Feb 16, 2007

        Josh LeBow says:

        Hi Daniel,  Thanks for replying so quickly.  Even if the user goes straight...

        Hi Daniel, 
        Thanks for replying so quickly.  Even if the user goes straight to the login.jsp page and uses a local JIRA account they still cannot log in provided they don't have a pre-existing account in JIRA that matches their Windows account (or if autoCreate is set to no).  For each session the error I listed above is logged.  Once an account is created inside of JIRA it works properly.  Thank you again for your assistance!

  13. Mar 07, 2007

    Erich Oliphant says:

    The filter is not working for me.  I'm running on a windows laptop that's n...

    The filter is not working for me.  I'm running on a windows laptop that's not on the DOMAIN so I specifiy the domain controller.  Then hit JIRA from another box that is on the domain.  The init seems to be fine:

    2007-03-07 10:20:10,159 main INFO [softwin.elearning.jiratools.LDAPConfig] Loading configuration from ntlm_ldap.properties
    2007-03-07 10:20:10,209 JiraQuartzScheduler_Worker-2 WARN [service.services.export.ExportService] No directory specified for export - not exporting
    2007-03-07 10:20:10,330 main DEBUG [softwin.elearning.jiratools.SMBHelper] Probing /192.168.10.1:139 for a SMB connection...
    2007-03-07 10:20:13,504 main INFO [softwin.elearning.jiratools.SMBHelper] Localhost Controller available: LMVAD11035713/192.168.10.1:139
    2007-03-07 10:20:13,504 main DEBUG [softwin.elearning.jiratools.SMBHelper] Probing 0.0.0.0<00>/192.168.3.21:139 for a SMB connection...
    2007-03-07 10:20:18,381 main INFO [softwin.elearning.jiratools.SMBHelper] Using Domain Controller IDC-SERVER-2<00>/192.168.3.21:139
    2007-03-07 10:20:18,381 main INFO [softwin.elearning.jiratools.LDAPConfig] domain IDC-S2 using ldap://192.168.3.21 : dc=IDC-S2,dc=local

    But every request seems to fail the "already filtered" test.  Is the NTLM filter supposed to be 'in front' of the standard JIRA login filter.

    2007-03-07 10:23:41,904 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] [null] GET http://192.168.3.148:8080/eonjira/ -1 bytes (Ref:null) (UA:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322))
    2007-03-07 10:23:41,904 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: is IE renegociating?
    2007-03-07 10:23:41,904 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: do we have an user already?
    2007-03-07 10:23:41,904 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: wants form login?
    2007-03-07 10:23:41,904 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: is authentication actually required?
    2007-03-07 10:23:41,914 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: verdict = yes
    2007-03-07 10:23:41,914 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] allowsNTLM: did the NTLM previously fail?
    2007-03-07 10:23:41,914 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] allowsNTLM: already filtered?
    2007-03-07 10:23:41,914 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] request already filtered (/eonjira/)
    2007-03-07 10:23:41,914 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] NTLM not allowed for http://192.168.3.148:8080/eonjira/
    2007-03-07 10:23:42,144 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] [null] GET http://192.168.3.148:8080/eonjira/secure/Dashboard.jspa -1 bytes (Ref:null) (UA:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322))
    2007-03-07 10:23:42,144 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: is IE renegociating?
    2007-03-07 10:23:42,144 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: do we have an user already?
    2007-03-07 10:23:42,174 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: wants form login?
    2007-03-07 10:23:42,174 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: is authentication actually required?
    2007-03-07 10:23:42,174 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] needsNTLM: verdict = yes
    2007-03-07 10:23:42,174 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] allowsNTLM: did the NTLM previously fail?
    2007-03-07 10:23:42,174 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] allowsNTLM: already filtered?
    2007-03-07 10:23:42,174 http-8080-Processor25 DEBUG [softwin.elearning.jiratools.NTLMLoginFilter] request already filtered (/eonjira/secure/Dashboard.jspa)

    1. Mar 07, 2007

      Daniel Pavel says:

      Hello, No, the NTLM filter is supposed to be instead of the standard JIRA login...

      Hello,

      No, the NTLM filter is supposed to be instead of the standard JIRA login filter – replace it altogether.

      You should edit WEB-INF/web.xml as follows:

      • find the filter "login" (search for "<filter-name>login</filter-name>")
      • replace this section:

      <filter>
      <filter-name>login</filter-name>
      <filter-class>com.atlassian.seraph.filter.LoginFilter</filter-class>
      </filter>

      • with this:

      <filter>
      <filter-name>login_jira</filter-name>
      <filter-class>com.atlassian.seraph.filter.LoginFilter</filter-class>
      </filter>
      <filter>
      <filter-name>login_ntlm</filter-name>
      <filter-class>ro.softwin.elearning.jiratools.NTLMLoginFilter</filter-class>
      <init-param>
      <param-name>configuration</param-name>
      <param-value>ntlm_ldap.properties</param-value>
      </init-param>
      </filter>

      • now scroll down in the file, and replace this section:

      <filter-mapping>
      <filter-name>login</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>

      • with this:

      <filter-mapping>
      <filter-name>login_jira</filter-name>
      <url-pattern>/rpc/*</url-pattern>
      </filter-mapping>
      <filter-mapping>
      <filter-name>login_ntlm</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>

      Cheers,
      -Daniel

  14. Mar 07, 2007

    Erich Oliphant says:

    Um, ok Duh   Thanks  But on that note actually.  I am interest...

    Um, ok Duh   Thanks

     But on that note actually.  I am interested in creating a new login() method for the RPC stuff that would use the NTLM credentials, to grab a token based on the SSO stuff.  Since I guess the default JIRA filter just ignores the /rpc/* urls, do you think a specialized filter there might help with this  ?

    1. Mar 07, 2007

      Erich Oliphant says:

      I am still having problems.  Getting a login/basic auth dialog from IE, but...

      I am still having problems.  Getting a login/basic auth dialog from IE, but then takes me to the login.jsp with a invalid username password.  Do I need to update the seraph-config to use the BypassDefaultAuthenticator ?

      1. Mar 07, 2007

        Erich Oliphant says:

        got it working thanks for the help

        got it working thanks for the help