Authorized Reseller

AppFusions resells the products we work with. We are vendor approved in many Fortune 100 corporations.

Managed Hosting

Need secure managed hosting with flexibility and skilled expertise?

SSO Authenticator for AD/ADFS/LDAP and Atlassian Servers (via Kerberos)

Single sign-on authenticator for Active Directory/Active Directory Federation Service/LDAP, including full support for Confluence, JIRA, Bitbucket Server (formerly Stash), Crowd, Bamboo, FishEye, Crucible, SVN

NTLM v1 or v2 or Kerberos

Problem

Atlassian applications (Confluence, JIRA, Crowd, Fisheye, etc..) have no out-of-the-box support for single sign-on in an Active Directory environment.

 

What is NTLM and Kerberos in the first place?

The table below describes these Microsoft technologies in quick terms. We'll resort to Wikipedia for the official definitions to get you up to speed quickly (or to confuse more. Hmm.)

In short, SSO authentication protocols that work within MS Active Directory/Windows environments:

 

Options

Flavor

Baseline

Pros

Cons

NTLMv1

Meant for Win9X, NT 3.51

Libraries available in deprecated version of open source JCIFS

IE and Windows only, very crackable, susceptible to man-in-the-middle attacks, chatty on network

NTLMv2

Meant for NT 4.0 SP4

More secure than NTLMv1.

  • IE and Windows only, not a part of Java 6's implementation of SPNEGO
  • Requires 3rd party libraries (e.g., jespa or VSJ)
  • Chatty on network

Kerberos

Default authentication for Active Directory

  • Included in Java 6 implementation of SPNEGO
  • More secure than NTLMv2
  • Open standard
  • Cross platform (Windows, Linux, Unix)
  • Cross browser (IE, Firefox)
  • Less chatty than NTLM

Client machine must be joined to domain

Our Recommended Solution

AppFusions currently supports deployments to with:

  • JIRA
  • Confluence
  • Bamboo
  • FishEye/Crucible (per repository permissions not supported)
  • Crowd (SSO for the admin accts to Crowd - not distributed amongst connected applications)
  • SVN (not an Atlassian product, but still)

Caveat

Client applications that call Atlassian web services protected by custom Integrated Windows Authentication plugin need to authenticate with IWA, as well as use the token obtained by passing in username and password to login method.

Deploy it?

Please email us and lets get you going!