Giter Club home page Giter Club logo

confluence-remote-user-sso's Introduction

Confluence plugin for http header authentication (SSO / Kerberos)

This plugin provides authentication based on a http header (default: X_Forwarded_User). The authenticator will fall back to the default Confluence authenticator, so everything external should keep working as expected.

WARNING: This plugin is currently not actively developed or maintained. It was created for an organisation that no longer does or uses FOSS, so it was moved. Feel free to use it at your own risk, or to fork and improve it. I hope it is helpful anyway.

License

This software is distributed under the MIT License. See COPYING for details.

Install

There are a few things you need in order to install this plugin:

  • Get the Atlassian SDK as described at Atlassian
  • Build the .jar file with the atlas-package command in the root folder (containing the pom.xml)
  • Stop your Confluence instance if it is running
  • Copy the target/russo-confluence-1.0.jar file to the WEB-INF/libs folder of your Confluence installation
  • Modify the WEB-INF/classes/seraph-config.xml file by commenting out existing auth classes and adding <authenticator class="ch.fuchsnet.confluence.RussoConfluenceAuthenticator"/>
  • Restart your Confluence instance
  • If it doesn't work as expected, check your Confluence logs. If you need more verbose information, set useDebug to true and recompile and reinstall the package

Configuring your httpd

In order to get it to work, you need to configure your httpd (e.g. Apache httpd) to do the authentication and set the header. For security reasons you should make sure that user-set headers are removed, otherwise users will be able to spoof authentication and log in as a different user!

Example Apache configuration

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/mypubliccert.pem
SSLCertificateKeyFile /etc/pki/tls/private/privatekey.pem
ProxyPreserveHost On
ProxyRequests Off
ServerName wiki.mycompany.tld
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
SSLProxyEngine On

    <Location />
        AuthType Kerberos
        AuthName "Confluence Kerberos Auth"
        KrbMethodNegotiate On
        KrbMethodK5Passwd On
        KrbAuthRealms MYREALM
        Krb5KeyTab /etc/httpd/httpd.keytab
        KrbLocalUserMapping On
        require valid-user
        RequestHeader set X-Forwarded-User %{REMOTE_USER}s
    </Location>
</VirtualHost>

confluence-remote-user-sso's People

Contributors

charlesrg avatar fuchs avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

charlesrg gebit kusig tied

confluence-remote-user-sso's Issues

No anonymous Confluence usage possible

We got the following important problem in relation to the "anonymous" usage right in Confluence. In order to reduce number of used licenses, often spaces are open for anonymous users which do only need read access.

If users are authenticated via Kerberos properly but they do not have a confluence license (they are not part of the "confluence-users" group), the access is not allowed anymore in Confluence. As all inhouse users are usually properly kerberos authenticated, we have no way anymore to use the anonymous feature. We assume that the plugin does not treat this case properly actually.

Any hint or workaround how we could resolve this would be highly appreciated.

Regards
Markus

Can't log out

Plugin works too well as I can't log out to re-login as a different user

cannot find symbol

Hello.
Trying to compile this plugin using command:

/root/confluence-5.6.6-source/maven3/apache-maven-3.0.5/bin/mvn package -gs /root/confluence-5.6.6-source/settings.xml

but I'm getting the following error:

[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for ch.fuchsnet.confluence:russo-confluence:jar:1.0
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-compiler-plugin is missing. @ line 32, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building russo-confluence 1.0
[INFO] ------------------------------------------------------------------------
[WARNING] The POM for com.atlassian.filestore:dt-filestore-httpclient:jar:0.3.0 is missing, no dependency information available
[INFO]
[INFO] --- maven-resources-plugin:2.5:resources (default-resources) @ russo-confluence ---
[debug] execute contextualize
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @ russo-confluence ---
[WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent!
[INFO] Compiling 1 source file to /root/sso/confluence-remote-user-sso-master/target/classes
[INFO] -------------------------------------------------------------
[ERROR] COMPILATION ERROR :
[INFO] -------------------------------------------------------------
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/BielBienneConfluenceAuthenticator.java:[3,25] error: package javax.servlet.http does not exist
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[4,25] error: package javax.servlet.http does not exist
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[57,26] error: cannot find symbol
[ERROR]  class ConfluenceAuthenticator
/root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[57,54] error: cannot find symbol
[ERROR]  class ConfluenceAuthenticator
/root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[93,26] error: cannot access HttpServletRequest
[INFO] 5 errors
[INFO] -------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.178s
[INFO] Finished at: Tue Sep 29 03:02:03 EEST 2015
[INFO] Final Memory: 37M/323M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile (default-compile) on project russo-confluence: Compilation failure: Compilation failure:
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[3,25] error: package javax.servlet.http does not exist
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[4,25] error: package javax.servlet.http does not exist
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[57,26] error: cannot find symbol
[ERROR] class ConfluenceAuthenticator
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[57,54] error: cannot find symbol
[ERROR] class ConfluenceAuthenticator
[ERROR] /root/sso/confluence-remote-user-sso-master/src/main/java/ch/fuchsnet/confluence/ConfluenceAuthenticator.java:[93,26] error: cannot access HttpServletRequest
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

Any suggestions please?
Thank you!

Documentation

On the documentation you say:

Modify the WEB-INF/classes/seraph-config.xml file by commenting out existing auth classes and adding

I think you forgot to mention what to add.

I'm stuck here, everything else works.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.