How to use Windows integrated authentication for Microsoft SQL Server in Confluence 6.5 or newer

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

You can use Integrated Authentication with Confluence and Microsoft SQL Server; however, Integrated Authentication is outside the scope of Atlassian Support and Atlassian can not guarantee providing any support for it.

  • If you need further help with configuring Integrated Authentication, please create a question on the Atlassian Community


Purpose

Implement Windows Integrated Authentication for database connection between Confluence and Microsoft SQL Server using Microsoft SQL Driver

Solution

Please use JDBC 9 for the steps outlined below. Using JDBC 10 for Windows integrated authentication with Confluence will not work as it will prevent Confluence from connecting to the DB. 

  1.  Download the Microsoft JDBC Driver
    1. Database JDBC Drivers
  2.  Extract the file
  3.  Select the .dll file that you will find under the /sqljdbc_X.X/enu/auth directory
    1. there will be x64 or x86 options, choose according to your operating system
  4.  Copy the .dll file into <confluence-install>/confluence/WEB-INF/lib
    1. Rename the .dll to sqljdbc_auth.dll
    2. Alternatively, if this path doesn't work, some installations work with <confluence-install>/confluence/jre/bin

      Note for Collaborative Editing users

      If you use Collaborative Editing you have to copy the .dll file to the <confluence-install>/confluence/jre/bin directory so Synchrony will work properly.

  5. Select the appropriate mssql-jdbc .jar driver file, under the /sqljdbc.X.X/enu directory
    1. Choose the corresponding .jar driver file for the Java version Confluence is using (Java 8, Java 11, etc)
    2. To find out which Java version is bundled with Confluence: Bundled Tomcat and Java Versions
  6. Move the .jar driver file, to the <confluence-install>/confluence/WEB-INF/lib directory
    1. Delete any other pre-existing mssql-jdbc .jar files on that directory, besides the driver file you moved
  7.  Edit the <confluence-home>/synchrony-args.properties file (or create it, if it doesn't exist) and insert this parameter, in order to specify the path to the .dll file, inside the folder that was extracted earlier, such as:

    java.library.path=C:\\Microsoft JDBC Driver 6.2 for SQL Server\\sqljdbc_6.2\\enu\\auth\\x64
    1. Alternatively, you can specify the path where you copied the .dll file to, which would be <confluence-install>/confluence/WEB-INF/lib

  8. If you start Confluence manually, open the setenv.bat file and insert the following parameter:

    set CATALINA_OPTS=-Djava.library.path=C:\\Same\\path\\specified\\earlier\\ %CATALINA_OPTS%
    1. You need to specify the same path under the synchrony-args.properties file
  9. If you start Confluence as a Windows service, add the following parameter under the Java Options tab of the service's properties:

    -Djava.library.path=C:\Same\path\specified\earlier\
    1. This needs to be the same path listed under the synchrony-args.properties file
    2. To open the Confluence service properties, please see: How to set system properties for Confluence running as a service on Windows
  10. If setting this up during the installation, during the database setup step, insert the parameter integratedsecurity=true to the database connection string

    1. If Confluence is already setup, add the integratedsecurity=true parameter to the database connection URL, inside the <confluence-home>/confluence.cfg.xml file instead
    2.  Leave username and password tags in confluence.cfg.xml.

Domain User

The Microsoft SQL Server driver will pick up domain credentials from the user that starts the Confluence Windows service, so it will be necessary to change the service owner to the SQL Domain User.

During Confluence startup and upgrades, if the Windows Service is configured to run using an account different from the one valid for the SQL Server, Confluence will try to access the database using that account and you may see the following error:

2020-07-29 14:22:08,001 ERROR [Catalina-utility-1] [confluence.impl.health.DefaultHealthCheckRunner] logEvent Confluence failed to establish a connection to your database.
This could be because: 
	- Your database isn't running
	- The configuration of your confluence.cfg.xml file is incorrect (user, password, or database URL etc.)
	- There is a network issue between Confluence and your database (e.g. firewall, database doesn't allow remote access etc.)

There are several other solutions you can try, review our documentation and see what works for you.

2020-07-29 14:22:08,038 WARN [Catalina-utility-1] [atlassian.confluence.setup.DefaultBootstrapManager] getDatabaseBuildNumber Unable to determine build number from database. If you are upgrading from a Confluence version prior to 2.3, this is expected: Login failed for user 'MYDOMAIN\TEST-CONFLUENCE$'. ClientConnectionId:cd2010e0-ae0b-41df-ac97-3e47c76cf2ef

You will need to change the Confluence Windows service owner to the SQL Domain User.  If the Windows service owner is changed, please ensure that the following directories can be read and written to by this user account:

Refer to Creating a Dedicated User Account on the Operating System to Run Confluence.


Last modified on Oct 2, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.