If your organization is running a Windows domain, you can configure JIRA so that the users are automatically logged in when they log in to the domain with their workstations.
For this recipe, we will need the Kerberos SSO Authenticator for JIRA. You can get it at http://www.appfusions.com/display/KBRSCJ/Home.
You will also need to have the following set up:
- A service account in Active Directory for JIRA to use
- A Service Principle Name (SPN) for JIRA
Setting up the Windows domain SSO is not a simple task, as it involves many aspects of your network configuration. It is highly recommended that you engage the product vendor to ensure a smooth implementation.
Proceed with the following steps to set up the Windows domain SSO:
- Shut down JIRA if it is running.
- Copy
login.conf,krb5.confandspnego-exclusion.propertiesto theJIRA_INSTALL/atlassian-jira/WEB-INF/classesdirectory. - Copy appfusions-jira-seraph-4.0.0.jar and appfusions-spnego-r7_3.jar to the
JIRA_INSTALL/atlassian-jira/WEB-INF/libdirectory. - Open the
web.xmlfile located in theJIRA_INSTALL/atlassian-jira/WEB-INFdirectory in a text editor. - Add the following XML snippet before the
THIS MUST BE THE LAST FILTER IN THE DEFINED CHAINentry. Make sure you update the values for the following parameters:- For
spnego.krb5.conf, use the full path to thespnego.krb5.conffile - For
spnego.login.conf, use the full path to thespnego.login.conffile - For
spnego.preauth.username, use the username of the service account - For
spnego.preauth.password, use the password of the service account<filter> <filter-name>SpnegoHttpFilter</filter-name> <filter-class>net.sourceforge.spnego .SpnegoHttpFilter</filter-class> <init-param> <param-name>spnego.allow.basic</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>spnego.allow.localhost </param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>spnego.allow.unsecure.basic </param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>spnego.login.client.module </param-name> <param-value>spnego-client</param-value> </init-param> <init-param> <param-name>spnego.krb5.conf</param-name> <param-value>FULL_PATH/krb5.conf </param-value> </init-param> <init-param> <param-name>spnego.login.conf</param-name> <param-value>FULL_PATH/login.conf </param-value> </init-param> <init-param> <param-name>spnego.preauth.username </param-name> <param-value>SPN_USERNAME</param-value> </init-param> <init-param> <param-name>spnego.preauth.password </param-name> <param-value>SPN_PASSWORD</param-value> </init-param> <init-param> <param-name>spnego.login.server.module </param-name> <param-value>spnego-server</param-value> </init-param> <init-param> <param-name>spnego.prompt.ntlm</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>spnego.logger.level</param-name> <param-value>1</param-value> </init-param> <init-param> <param-name>spnego.skip.client.internet </param-name> <param-value>false</param-value> </init-param> </filter>
- For
- Add the following XML snippet before the login entry:
<filter-mapping> <filter-name>SpnegoHttpFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - Open the
seraph-config.xmlfile located in theJIRA_INSTALL/atlassian-jira/WEB-INF/classesdirectory in a text editor. - Locate the line that contains the following:
com.atlassian.jira.security.login.JiraSeraphAuthenticator. Comment it out so it looks like the following:<!-- <authenticator class= "com.atlassian.jira.security .login.JiraSeraphAuthenticator"/> --> - Add the following XML snippet below the line that's been commented out:
<authenticator class="com.appfusions.jira.SeraphAuthenticator" /> - Restart JIRA.
- Add your JIRA's URL to the Local Intranet Zone in your browser.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.