Hi,

We are proud to announce the release of our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac

IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, or any other web app using Crowd as its user management system without entering a password.

Please check out https://www.cleito.com/products/iwaac/ for more details.

Best regards,

Bruno

We're interested in SSO solutions, especially ones that integrate nicely with Atlassian products but the lack of SPNEGO (Kerberos version) immediately rules it out for us too.

Agree. Using Jira in a corporate environment is a great thing. Requiring users to re-authenticate is troublesome at best and very problematic when using 2-factor mechanisms. When will Jira be kerberized?

+1 this.

SPNEGO, when implemented well, provides obvious benefit to users on a daily basis. Windows and other users that are already logged-in with their enterprise credentials can simply visit a participating web app and have their browser securely forward their local credentials to the website, thus eliminating another unnecessary login.

Also, there are 150 hits Googling for 'spnego site:atlassian.com' (sans ''). In addition, someone else asked about this anonymously in the Crowd 2.3 FAQ [1].

To support this, would the level of effort be to put together a How To page? It's also surprising that someone hasn't blogged about how to do this yet.

References:

1 Crowd 2.3 FAQ http://confluence.atlassian.com/display/CROWD/Crowd+FAQ?focusedCommentId=69304352#comment-69304352
2 spnego open source project http://spnego.sourceforge.net/
3 SPNEGO support in tomcat https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
4 CAS SPNEGO feature request http://lutung.library.ums.ac.id/software/sso/CAS/docs/CAS/Kerberos.html
5 SPNEGO JAAS / JGSS http://bofriis.dk/files/doc/spnego-jgss-configuration-.pdf