This documentation relates to an earlier version of the SharePoint Connector.
View

Unknown macro: {spacejump}

or visit the current documentation home.

This page is part of the installation guide for the Confluence SharePoint Connector. It tells you how to configure access to Confluence using Integrated Windows Authentication via IIS.

This section of the guide describes the steps necessary to set up an IIS 6.0 website that will perform authentication using NTLM or Kerberos, and then forward the authenticated requests to the Confluence instance. This is achieved by installing a custom ISAPI filter in IIS that understands how to use the AJP protocol to communicate with Confluence.

On this page:

Installation

Step 1. Install and Configure AJP Connector

Connector is currently attached to this page

Currently, the Tomcat AJP Connector for IIS is attached to this page as a zip file. We are working on moving the connector to a central, managed location.

  1. Download the tomcat_iis_connector.zip file attached to this page and extract it somewhere convenient on the server. The default location is C:\tomcat_iis_connector.
  2. If you extracted the AJP Connector to a directory other than the default (C:\tomcat_iis_connector), then edit the isapi_redirect.properties file and ensure that the log_file, worker_file, worker_mount_file and rewrite_rule_file properties point to the correct locations.
  3. If your Confluence server is not running on the same server as IIS (for example, if Confluence is running on non-Windows server) then edit the workers.properties.minimal file in the conf directory so that the worker.worker1.host property points to the IP Address or hostname of your Confluence server.
  4. The default port used in this guide for Confluence's AJP Connector is 8009. If you wish to use a different port, then edit the workers.properties.minimal file in the conf directory so that the worker.worker1.port property specifies the desired port number.

Step 2. Add ISAPI Filter

  1. Open the Internet Information Services (IIS) Manager.
  2. Right-click on the website that will be used to proxy Confluence requests and click 'Properties'.
  3. Select the 'ISAPI Filters' tab and click 'Add'.
  4. Enter a 'Filter name' of 'tomcat' and then set the 'Executable' to the isapi_redirect.dll that you extracted from the tomcat_iis_connector.zip file downloaded in Step 1.
  5. Click 'OK'.
  6. The filter should now be listed in the ISAPI Filters list for the website:
  7. Click 'OK'.

Step 3. Add Virtual Directory

Now you will add a virtual directory in the IIS website to host the ISAPI Filter.

  1. Right-click on the website that will be used to proxy Confluence requests and select 'New', 'Virtual Directory'.
  2. Click 'Next'.
  3. Enter an 'Alias' of 'jakarta' for the virtual directory.
  4. Click 'Next'.
  5. Set the 'Path' to be the directory where you extracted the iis_tomcat_connector.zip file in Step 1 (such as, C:\tomcat_iis_connector).
  6. Click 'Next'.
  7. Allow the following permissions: Read, Execute (such as ISAPI applications or CGI).
  8. Click 'Next'.
  9. Click 'Finish'.
  10. Verify that a 'jakarta' application directory is now present under the selected website:

Step 4. Enable Integrated Windows Authentication

This step involves modifying the directory security of the website to use NTLM or Kerberos authentication.

  1. Right-click the website that will be used to proxy Confluence requests and select 'Properties'.
  2. Select the 'Directory Security' tab.
  3. In the 'Authentication and access control' section, select 'Edit'.
  4. Ensure that the only authentication method selected is 'Integrated Windows Authentication'.
  5. Click 'OK'.
  6. Click 'OK'.

Step 5. Add Web Service Extension

The final step in configuring IIS is to register the custom ISAPI filter as a Web Service Extension.

  1. In the Internet Information Services (IIS) Manager, right-click the 'Web Service Extensions' folder and select 'Add a new Web service extension'.
  2. Set the 'Extension name' to 'tomcat'.
  3. Click 'Add'.
  4. Set the 'Path to file' to the to the location of the isapi_redirect.dll extracted from the tomcat_iis_connector.zip file downloaded in Step 1.
  5. Click 'OK'.
  6. Select the 'Set extension status to Allowed' option:
  7. Click 'OK'.
  8. Verify that the 'tomcat' web service extension was created and has a status of 'Allowed'.

Troubleshooting

Could not load all ISAPI filters for site/service

If the Tomcat filter is listed in the 'ISAPI Filters' tab for your website with a bright red arrow after attempting to test the filter, this means that the filter has been disabled because IIS was unable to load it.

You should ensure that the identity of the application pool running the Web Service Extension has read permissions to the folder where you installed the connector and write permissions to the log file location specified in the worker.properties.minimal file.

RELATED TOPICS
  • No labels