Access Confluence using Standard Authentication with Microsoft SSO on SP 2007

This page is part of the installation guide for the Confluence SharePoint Connector. It tells you how to configure access to Confluence using the standard Confluence authentication with Microsoft SSOSrv (Microsoft Single Sign-On Service). These instructions apply to the connector for SharePoint 2007.

Overview

In this configuration, both SharePoint and all client browsers are authenticated using Confluence's built-in authentication module, which is a style of Forms-based Authentication. The Microsoft SSO service acts as a "man-in-the-middle", performing mappings between Confluence and SharePoint user accounts.

Use this Configuration when...
  • You have no specific authentication requirements for your environment. You do not need your users to have pass-through authentication to Confluence via their desktop logins.
  • The usernames and passwords in your Confluence user repository do not exactly match the usernames and passwords in your SharePoint user repository (such as Active Directory).
  • You are not able to configure Confluence to synchronize its user repository with Active Directory (see Confluence LDAP User Management).

If you have not already seen our guide to planning your environment, you can refer to it for information that will help you select the best configuration for your environment.

Caveats

Caching of Username and Password

The Microsoft SSO Service caches users' credentials for external applications such as Confluence. The first time a user accesses Confluence, they will be prompted to enter their username and password. Subsequent logins to Confluence will use the cached credentials.

Installation Instructions

After installing the SharePoint Connector, follow the instructions below to enable Microsoft SSO.

Step 1. Start the MOSS SSO Service

If you already have the Microsoft Office SharePoint Server (MOSS) Single Sign-on (SSO) Service running in your environment, you may skip this step and move on to step 3, configuring an SSO Application for Confluence, below. However, you may want to review the steps to ensure your existing configuration will be compatible regarding domain accounts, general access and permissions.

These instructions are derived from the Microsoft TechNet documentation.

To start the SSO service:

  1. Open your Windows 'Administrative Tools' and click 'Services'.
  2. Double-click 'Microsoft Single Sign-On Service'.
  3. On the 'Log On' tab of the Single Sign-On Service Properties page, click 'This account' and then type the domain, user name, and password that you have used to install and manage your server.

    This account should be the same account as used for the SharePoint application pool associated with the SharePoint site that will be using the Single Sign-on Service. The account must be associated with the dbcreator and securityadmin SQL Server roles on the SQL Server that will be used to host the SSO database. See Dave Wollerman's SharePoint Blog.

  4. Click 'Apply'.
  5. On the 'General' tab of the Single Sign-On Service Properties page, change the startup type to 'Automatic', click 'Start', and then click 'OK'.

Step 2. Configure the MOSS SSO Service Settings

These instructions are derived from the Microsoft TechNet documentation.

To configure the SSO settings:

  1. Log in as the account used in step 1.3 above. This account will be used to create the SSO database.
    Note: This user will require SQL Server role assignments for dbcreator and securityadmin to be able to create the SSO database.
  2. Open your Windows 'Administrative Tools' and open the SharePoint Central Administration Web application.
  3. On the Central Administration home page, click 'Operations'.
  4. In the 'Security Configuration' section, click 'Manage settings for single sign-on'.
  5. On the Manage Settings for Single Sign-On page, click 'Manage server settings'.
  6. In the 'Account Name' box for the SSO Administrator account, type the same domain and username that you used to configure the Single Sign-On service. If this username is a member of a Windows security group, you can type the name of the Windows security group instead of a username.
  7. In the 'Enterprise Application Definition Administrator Account' box, type the same domain and username that you used to configure the Single Sign-On service.
  8. In the 'Server name' box, type the SQL Server instance name (using the netbios\instance naming convention) to use for the Single Sign-on database.
  9. In the 'Database name' box, type the name for the Single Sign-on database (for example, 'SSO').
  10. In the 'Ticket time out' and 'Delete audit log records older than (in days)' boxes, leave the default values (recommended).
  11. Click 'OK'.

SharePoint Farm

Here are some additional considerations for configuring the SSO service in a SharePoint web farm:

  • Make sure the SSO service is running as the correct domain service account. This must be consistent across Web Front End (WFE) servers in the farm.
  • Make sure the Single Sign-On 'Service Account' (in 'Central Administration | Operations | Service Accounts') is set to the same domain account as used to actually run the SSO service.
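
One way to check these farm considerations from an administrative workstation, as an added example that is not part of the original guide or the connector: the script queries each WFE server over WMI and reports whether the SSO service runs as the expected account, starts automatically and is running. The server names and service account are placeholders, and the short service name 'SSOSrv' is an assumption based on the name this page uses for the service.

```powershell
# Added example: audit the Single Sign-On service on each WFE server.
# Assumptions: the server names and account below are placeholders, and
# 'SSOSrv' is taken to be the service's short name.
$WfeServers      = @('WFE01', 'WFE02')     # hypothetical farm members
$ExpectedAccount = 'EXAMPLE\svc-sso'       # hypothetical service account

function Test-SsoServiceConfig {
    param(
        [string[]]$ComputerName,
        [string]$ExpectedAccount,
        [string]$ServiceName = 'SSOSrv'
    )
    foreach ($server in $ComputerName) {
        $issues  = @()
        $svc     = $null
        $account = $null
        try {
            $svc = Get-WmiObject -Class Win32_Service -ComputerName $server `
                -Filter "Name='$ServiceName'" -ErrorAction Stop
        } catch {
            $issues += "WMI query failed: $($_.Exception.Message)"
        }
        if ($svc) {
            # StartName is the logon account set on the 'Log On' tab.
            $account = $svc.StartName
            if ($account -ne $ExpectedAccount) {
                $issues += "runs as '$account'"
            }
            # Win32_Service reports the 'Automatic' startup type as 'Auto'.
            if ($svc.StartMode -ne 'Auto') {
                $issues += "startup type is '$($svc.StartMode)'"
            }
            if ($svc.State -ne 'Running') {
                $issues += "state is '$($svc.State)'"
            }
        } elseif ($issues.Count -eq 0) {
            $issues += 'service not found'
        }
        New-Object PSObject -Property @{
            Server = $server; Account = $account
            OK     = ($issues.Count -eq 0); Issues = ($issues -join '; ')
        }
    }
}

Test-SsoServiceConfig -ComputerName $WfeServers -ExpectedAccount $ExpectedAccount |
    Select-Object Server, Account, OK, Issues | Format-Table -AutoSize
```

The account comparison is a plain string match, so enter the expected account in the same form (for example DOMAIN\user) that was typed on the 'Log On' tab.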

At this point you should have a running instance of the Microsoft SharePoint Single Sign On service. This includes a new database for securely storing SSO user credentials. The next step is to configure an SSO application for Confluence.

Step 3. Configure an SSO Application for Confluence

  1. Open your Windows 'Administrative Tools' and open the SharePoint Central Administration Web application.
  2. On the Central Administration home page, click 'Operations'.
  3. In the 'Security Configuration' section, click 'Manage settings for single sign-on'.
  4. On the Manage Settings for Single Sign-On page, click 'Manage settings for enterprise application definitions'.
  5. Click 'New Item' and set the following properties:
    • Display Name: Confluence
    • Application Name: Confluence
    • Contact e-mail address: (Example: sample.administrator@csi.local)
    • Account type: Individual
    • Authentication type: (Leave 'Windows authentication' unchecked)
    • Username and Password: Leave the default 'Username' and 'Password' in place
  6. Click 'OK'.

Next Step

To continue with the installation of the SharePoint Connector, please install and configure the SharePoint feature. When configuring the SharePoint web part, make sure that you select 'Microsoft Single SignOn (SSO)' as your authentication method.

Last modified on May 27, 2016
