Confluence SharePoint Connector 1.3 : Access Confluence using Integrated Windows Authentication via IIS with SP 2010
This page last changed on May 26, 2010 by smaddox.
This page is part of the installation guide for the Confluence SharePoint Connector. It tells you how to configure access to Confluence using Integrated Windows Authentication via IIS with SharePoint 2010. On this page:
OverviewIn this configuration, both SharePoint and client browsers are authenticated against Confluence using Windows authentication provided by a Microsoft Internet Information Services (IIS) server. IIS proxies the pre-authenticated requests through to Confluence and then returns the content to the requester. Confluence and IIS communicate using Apache JServ Protocol (AJP). Use this Configuration when...
If you have not already seen our guide to planning your environment, you can refer to it for information that will help you select the best configuration for your environment. CaveatsSupported PlatformsDue to the complex nature of this configuration, Atlassian is only able to provide support if your configuration satisfies these additional conditions:
Additional DependenciesUsing this configuration adds a number of additional dependencies to Confluence, which you should review. Custom Seraph AuthenticatorThis configuration requires the use of a specialised Seraph authenticator for Confluence. If you are already using a different custom Seraph authenticator, you may not be able to use this configuration. In this situation, you must either choose a different configuration for the SharePoint Connector or consider developing a new custom Seraph authenticator that aggregates the functionality of both.
Custom ISAPI FilterThis configuration requires the use of a custom ISAPI filter for IIS that can communicate using AJP. Atlassian will only support the use of the open source Tomcat Connector provided by the Apache Tomcat project.
Anonymous Access DisabledDue to limitations with the custom Seraph authenticator that Confluence requires for this configuration, it is not possible to set up anonymous access for Confluence when using this configuration. Atlassian is currently reviewing the suitability of using the third-party NTLM Authenticator for Confluence instead. Known issuesThese are some reported problems with this configuration:
Installation InstructionsStep 1. Configure Confluence for LDAP User Management
Set up your Confluence server to synchronise its user repository with your Windows Active Directory domain. See the Confluence documentation on LDAP user management. Step 2. Configure IISThis and following steps guide you through the configuration required to use IIS as an NTLM authenticator for Confluence. NTLM is an authentication format developed by Microsoft. While some third-party implementations are available, IIS provides the most robust and full-featured NTLM authentication support. Summary of this configuration:
Please follow the guide below that matches the version of your Windows Server:
Step 3. Configure Confluence for Integrated Windows AuthenticationThis section of the guide describes the steps necessary to configure Confluence to co-operate with the IIS Web Server. Throughout this section, '%confluence_install%' refers to your Confluence installation directory . Step 3.1: Set Confluence Path
Step 3.2: Add AJP ConnectorNow you will change Tomcat's configuration, replacing the standard Coyote HTTP connector (which allows Tomcat to send and receive HTTP traffic) with a custom AJP connector (which allows Tomcat to communicate using Apache JServ Protocol).
Step 3.3: Add Custom AuthenticatorBy default, Confluence will not understand the pre-authenticated requests that come through via the IIS Web Site. In order to allow this authentication information to pass through, you must modify the authenticator module used by Confluence.
Step 3.4: Modify Base URLThe final step in configuring Confluence is to modify the Server Base URL to point to the IIS web site, rather than directly to Confluence. This ensures that any hyperlinks generated within Confluence pages will direct users through the IIS website. For example, if your Tomcat server runs Confluence on http://intranet.company.com:8080/confluence and the IIS web site runs on http://intranet.company.com, then the Confluence Base URL needs to be changed to http://intranet.company.com/confluence. See the Confluence documentation for instructions on modifying the Base URL. Step 4. Set Client Browser OptionsIn order for users to be automatically logged in to Confluence without being prompted for their username and password, the browser must be correctly configured for pass-through authentication. Please instruct all users to ensure that the recommended browser settings are applied. Next StepTo continue with the installation of the SharePoint Connector, please install and configure the SharePoint feature. |
![]() |
Document generated by Confluence on Feb 20, 2011 21:50 |