This documentation relates to an earlier version of the SharePoint Connector.
View

Unknown macro: {spacejump}

or visit the current documentation home.

This content refers to several wiki pages managed by others. The steps listed below attempts to streamline the process required to configure Confluence with JCIFS.

Unsupported

In general, if NTLM is required for the Sharepoint Connector we advise using IIS for the authentication. JCIFS is not supported, nor does it support the later version of NTLM (NTLMv2) - which is now the default for new Windows installations. See JCIFS Frequently Asked Questions for more information.

NTLM and Anonymous Access

If you want to enable NTLM with Confluence as well as allow for anonymous access with Confluence, please review NTLM and Anonymous Access.

1. Download latest jar from http://jcifs.samba.org/src/ and place in Confluence (\confluence\WEB-INF\lib) 
2. Add the attached file named "customauth-0.4.jar" to Confluence (\confluence\WEB-INF\lib)

The customauth-0.4.jar is heavily based on the code for the "Apache custom Seraph authenticator for Confluence"

The configuration for the customauth-0.4.jar is also based on the information related to the "NTLM Authenticator for Confluence" (particularly the reference to LDAP User Management).

3. Configure Confluence with LDAP User Management

See the attached "atlassian-user.xml" for an example integration with Active Directory.

Customising atlassian-user.xml  also contains excellent information to help understand how to edit this file.

4. Test access to Confluence using current "Login" page with both Active Directory accounts and non-Active Directory accounts

You will need to configure the Active Directory accounts to have appropriate permissions in Confluence (i.e.: adding to the confluence-users group)

5. Update \confluence\web-inf\web.xml to contain additional filter settings to support JCIFS

See JCIFS NTLM HTTP Authentication for more filter examples.

5a. Add the following filter as the last filter before <filter-mapping>

You will need to change the values to match your specific environment.

Filter
<filter>
     <filter-name>NtlmHttpFilter</filter-name>
     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

     <init-param>
	<param-name>jcifs.http.domainController</param-name>
	<param-value>PLACE DOMAIN CONTROLLER IP ADDRESS HERE</param-value>
     </init-param>

     <!--
	always needed for preauthentication / SMB signatures
     -->
     <init-param>
	<param-name>jcifs.smb.client.domain</param-name>
	<param-value>PLACE DOMAIN NAME HERE (e.g., mydomain.local)</param-value>
     </init-param>
     <init-param>
	<param-name>jcifs.smb.client.username</param-name>
	<param-value>PLACE DOMAIN ACCOUNT HERE (do not prefix with "<domain>\")</param-value>
     </init-param>
     <init-param>
	<param-name>jcifs.smb.client.password</param-name>
	<param-value>PLACE DOMAIN PASSWORD HERE</param-value>
     </init-param>
</filter>
5b. Add the following filter-mapping just before the "login" filter-mapping
Filter-Mapping
<filter-mapping>
     <filter-name>NtlmHttpFilter</filter-name>
     <url-pattern>/*</url-pattern>
</filter-mapping>
6. Set the <authenticator> in the "\confluence\WEB-INF\classes\seraph-config.xml" file to the following
    <authenticator class="com.pixelpark.seraph.SSOAuthenticator"/>
  • No labels





Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.