Search the SharePoint Connector 1.0 documentation:
Index
[Downloads (PDF, HTML & XML formats)]
[Other versions]
Configuring Authentication for Confluence and SharePoint is the most complex aspect of this integration. There are a wide variety of authentication technologies out there. We've attempted to offer instructions for some of the common configurations, using the out-of-the-box technologies that come with Confluence and SharePoint.
Review the recommendations below and also consider the Authentication Configuration Questionnaire.
Recommendations
- Configure Confluence to Use a Custom Authenticator and Tomcat + IIS is recommended if you plan to use Active Directory as a Confluence user repository and IIS is your standard host for web applications.
- Configure Confluence to Use a Custom Authenticator and JCIFS is recommended if you plan to use Active Directory as a Confluence user repository and IIS is not your standard host OR you do not have IIS in your environment.
- Microsoft Single Sign-On Service is recommended if you have MOSS and you do not plan to use Active Directory and NTLM as a Confluence user repository, but still would like to configure a Single Sign On experience for SharePoint users accessing Confluence. This service serves as a secure credentials storage and forwarding service. It stores credentials and logs users in to Confluence behind the scenes. It will prompt the user for their Confluence credentials the first time they try to access Confluence content on Sharepoint and then securely store that information until it can not log them in successfully (i.e. password changed, expired) where it will then prompt them again.
- Configure SharePoint to Authenticate with NTLM is recommended. Basic authentication and Forms Based Authentication within SharePoint can work, but there may be limitations.
NTLM and Anonymous Access
If you want to enable NTLM with Confluence as well as allow for anonymous access with Confluence, please review NTLM and Anonymous Access.
Broken Image Links
One reason to use a NTLM or Microsoft SSO is to prevent broken image links. Review Broken Images in the Confluence Page Web Part to understand how the different authentication options play a role in preventing this.
Using Confluence and Sharepoint with Active Directory and NTLM
If you can ensure that all of your clients will be using Windows-based authentication (NTLM), then you can configure authentication without depending on additional products/services. This is typically the case if all clients are on the Windows platform and using Internet Explorer. With the proper browser settings (see Recommended Browser Settings) the client browser will automatically authenticate to both Confluence and SharePoint without prompting the user for credentials.
- SharePoint should already be using an Active Directory domain for its users.
- Please refer to the following Atlassian links to configure Active Directory (LDAP) with Confluence.
- Please review the following two options for configuring Conflence to use Windows-based authentication (NTLM)
1. Configure Confluence to Use a Custom Authenticator and Tomcat + IIS
2. Configure Confluence to Use a Custom Authenticator and JCIFS
Please review the Recommended Browser Settings page to enable a fluid user experience.
Please review Supported NTLM Authentication with the SharePoint Connector for more details about what is and what is not supported regarding NTLM Authentication.
Using Confluence and Sharepoint with Active Directory (no NTLM)
This option will ensure that both Confluence and SharePoint has the same list of users and groups.
- SharePoint should already be using an Active Directory domain for its users.
- Please refer to the following Atlassian links to configure Active Directory (LDAP) with Confluence.
- If you are using Microsoft Office SharePoint Server (MOSS), please follow the instructions for configuring the Microsoft Single Sign-On Service.
Using the internal Confluence user store
You can set up Confluence and SharePoint to use their own, separate user databases. This option may be appropriate if you already have Confluence and SharePoint running with different sets of users.
MOSS has a Single Sign-on service which will save the credentials for a given user on another system. For example, if I log into Sharepoint as jonathan@atlassian.com, I can tell SharePoint to log me in to Confluence as jnolen. The SSO service will remember those credentials and re-sign me in each time.
The instructions for this configuration can be found here: Configuring the Microsoft Single Sign-On Service.
Forms Based Authentication for SharePoint
It is recommended that you use NTLM for authentication to SharePoint (Basic authentication can be used as well). With v1.0.2 of the SharePoint installation you can use Forms Based Authentication (FBA) to connect to SharePoint, but there are limitations as discussed below.
The SharePoint web parts that display Confluence content (the Confluence Page and Confluence Pages Tree View web parts) work fine as does using SharePoint to search Confluence. Note that the service account defined when you Install and Configure the SharePoint Plugin must still use NTLM or Basic authentication.
To allow for both NTLM/Basic and FBA, you extend your web application within SharePoint to have two URLs/ports; one for NTLM/Basic and one for FBA. The service account would access SharePoint through the URL/port for NTLM/Basic.
Overview
Content Tools
Apps
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.