This documentation is for SharePoint Connector 1.9
If you are using an earlier version, please view the previous versions of the SharePoint Connector documentation and select the relevant version.


NTLM and Anonymous Access Not Supported

There is currently no supported solution that allows anonymous access to Confluence while using NTLM as the authentication method for Confluence.

Unsupported Solutions Will Cause Problems

Some brave souls have suggested the following two solutions when using Confluence with IIS. Both suggestions are unsupported, and both cause problems:

  • Use two ports/URLs, one for anonymous users and one for NTLM users.
  • Develop a custom redirection page within IIS.

(Not Supported) Using Two Ports and Two Base URLs

Beware! Confluence recognizes only one base URL

This approach will cause problems because Confluence cannot recognize two base URLs. You therefore risk unexpected behavior from Confluence if you allow access via two different ports.

With this approach, you would send all anonymous users to the Tomcat port (for example, 8080) and send all NTLM users to the IIS port. If someone uses the anonymous port and tries to access content that is not available to anonymous users, they will be presented with the Confluence login page. At that point they can enter their Active Directory credentials, and are then using Active Directory integration instead of NTLM.

(Not Supported) Developing a Custom Redirection Page

With this approach everyone uses the IIS URL, and IIS is configured to allow anonymous access. Your development team would need to create a custom solution as follows:

  • Create a custom page within IIS. It could be called login-redirect.aspx in the root of the IIS web. This page would examine the query string for the name 'os_destination' and perform a redirect to the value of that query string.
  • In IIS, configure the above page not to allow anonymous access.
  • Modify the confluence\login.vm file to redirect to the custom page created above (login-redirect.aspx). It would pass along the 'os_destination' query string value.
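
A sketch of what login-redirect.aspx could look like, as an added example (an ASP.NET Web Forms page with inline C#, not code from Atlassian or from the original page). Because 'os_destination' arrives in the query string, the page redirects only to paths on the same site. The helper name IsLocalPath, the fallback to "/", and the assumption that Confluence is served from the root of the IIS site are all hypothetical.

```csharp
<%@ Page Language="C#" %>
<script runat="server">
    // Added example. Assumes os_destination carries a site-relative path
    // (for example /display/SPACE/Page) and Confluence sits at the site root.

    // Accept only paths on this site: one leading slash, no scheme or host.
    static bool IsLocalPath(string dest)
    {
        if (string.IsNullOrEmpty(dest) || dest[0] != '/') return false;
        // Browsers treat "//host" and "/\host" as a different host.
        if (dest.Length > 1 && (dest[1] == '/' || dest[1] == '\\')) return false;
        foreach (char c in dest)
        {
            // Control characters (CR, LF, tab) do not belong in a redirect target.
            if (char.IsControl(c)) return false;
        }
        return true;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        // IIS denies anonymous access to this page, so by the time this code
        // runs, Windows authentication (NTLM) has already completed.
        string dest = Request.QueryString["os_destination"];

        // Missing or off-site values fall back to the site root.
        string target = IsLocalPath(dest) ? dest : "/";

        // Issue the 302 without aborting the thread, then end the request.
        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }
</script>
```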

If you are interested in NTLM and anonymous access, you can track these two issues: CSI-286 and CSI-287

1 Comment

  1. Well, you could use the 5. NTLM Authenticator for Confluence, Comments 07-08, in v1.5.6 if your browser authenticates by NTLM, fine, if not, you drop through to the standard login form - if anonymous access is enabled, then you get anonymous access also. IIS Only? Apache is equally fine, combined with mod_proxy/mod_jk it works fine. You don't need to run Confluence on a Windows box to use NTLM...