Recently we have installed Jira, Confluence (both server) and Bitbucket Data Center (5.2.2) at a client.
Zooming in on Bitbucket, we are using a PostgreSQL server which is shared between the other applications. The same goes for the file server. Our install directories are on the server disk and our home directory is mounted on the file server. Furthermore we are using the SSO plugin from resolution. So users via the GUI will be redirected to the IDP and rest api calls are not. (see picture below for an overview)
Ssh traffic (git operations) is also immediately forwarded to Bitbucket. We do not allow https cloning. Preferable we don't want to allow Basic Authentication at all. The new version of Bitbucket sounded like a good solution (with personal tokens) but I talked to Ada Chen (Atlassian) and she told us that we cannot disable basic authentication. And I also heard that personal tokens are not coming to Jira and Confluence (which. From a security perspective it would be great to be able to disable basic authentication and use personal tokens instead (for REST API calls) for all Atlassian applications.
Rudy Holtkamp (TMC)
This ticket has been created after request of Tiago Vitorino (email@example.com)