• Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • None
    • None
    • 2
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Currently Crowd always try to connect to a server that is ready to provide "Simple" LDAP authentications. I'm opening this new feature request for Crowd to provide support to SPNEGO authentication method

            [CWD-2601] SPNEGO authentication

            SET Analytics Bot made changes -
            Support reference count New: 2
            Katherine Yabut made changes -
            Workflow Original: JAC Suggestion Workflow [ 3363096 ] New: JAC Suggestion Workflow 3 [ 3628623 ]
            Monique Khairuliana (Inactive) made changes -
            Workflow Original: Simplified Crowd Development Workflow v2 [ 1390201 ] New: JAC Suggestion Workflow [ 3363096 ]
            Issue Type Original: New Feature [ 2 ] New: Suggestion [ 10000 ]
            Status Original: Open [ 1 ] New: Gathering Interest [ 11772 ]
            Marcin Kempa made changes -
            Remote Link New: This issue links to "Page (Extranet)" [ 175836 ]
            Owen made changes -
            Workflow Original: Crowd Development Workflow v2 [ 338972 ] New: Simplified Crowd Development Workflow v2 [ 1390201 ]

            Hi,

            We are proud to announce the release of our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac

            IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, or any other web app using Crowd as its user management system without entering a password.

            Please check out https://www.cleito.com/products/iwaac/ for more details.

            Best regards,

            Bruno

            Bruno Vincent added a comment - Hi, We are proud to announce the release of our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, or any other web app using Crowd as its user management system without entering a password. Please check out https://www.cleito.com/products/iwaac/ for more details. Best regards, Bruno

            J M added a comment -

            We're interested in SSO solutions, especially ones that integrate nicely with Atlassian products but the lack of SPNEGO (Kerberos version) immediately rules it out for us too.

            J M added a comment - We're interested in SSO solutions, especially ones that integrate nicely with Atlassian products but the lack of SPNEGO (Kerberos version) immediately rules it out for us too.

            Agree. Using Jira in a corporate environment is a great thing. Requiring users to re-authenticate is troublesome at best and very problematic when using 2-factor mechanisms. When will Jira be kerberized?

            Phil Letowt added a comment - Agree. Using Jira in a corporate environment is a great thing. Requiring users to re-authenticate is troublesome at best and very problematic when using 2-factor mechanisms. When will Jira be kerberized?

            +1 this.

            SPNEGO, when implemented well, provides obvious benefit to users on a daily basis. Windows and other users that are already logged-in with their enterprise credentials can simply visit a participating web app and have their browser securely forward their local credentials to the website, thus eliminating another unnecessary login.

            Also, there are 150 hits Googling for 'spnego site:atlassian.com' (sans ''). In addition, someone else asked about this anonymously in the Crowd 2.3 FAQ [1].

            To support this, would the level of effort be to put together a How To page? It's also surprising that someone hasn't blogged about how to do this yet.

            References:

            1 Crowd 2.3 FAQ http://confluence.atlassian.com/display/CROWD/Crowd+FAQ?focusedCommentId=69304352#comment-69304352
            2 spnego open source project http://spnego.sourceforge.net/
            3 SPNEGO support in tomcat https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
            4 CAS SPNEGO feature request http://lutung.library.ums.ac.id/software/sso/CAS/docs/CAS/Kerberos.html
            5 SPNEGO JAAS / JGSS http://bofriis.dk/files/doc/spnego-jgss-configuration-.pdf

            Barry Allard added a comment - +1 this. SPNEGO, when implemented well, provides obvious benefit to users on a daily basis. Windows and other users that are already logged-in with their enterprise credentials can simply visit a participating web app and have their browser securely forward their local credentials to the website, thus eliminating another unnecessary login. Also, there are 150 hits Googling for 'spnego site:atlassian.com' (sans ''). In addition, someone else asked about this anonymously in the Crowd 2.3 FAQ [1] . To support this, would the level of effort be to put together a How To page? It's also surprising that someone hasn't blogged about how to do this yet. References: 1 Crowd 2.3 FAQ http://confluence.atlassian.com/display/CROWD/Crowd+FAQ?focusedCommentId=69304352#comment-69304352 2 spnego open source project http://spnego.sourceforge.net/ 3 SPNEGO support in tomcat https://issues.apache.org/bugzilla/show_bug.cgi?id=48685 4 CAS SPNEGO feature request http://lutung.library.ums.ac.id/software/sso/CAS/docs/CAS/Kerberos.html 5 SPNEGO JAAS / JGSS http://bofriis.dk/files/doc/spnego-jgss-configuration-.pdf
            Rodrigo Prado Brandao [Atlassian] created issue -

              Unassigned Unassigned
              rbrandao Rodrigo Prado Brandao [Atlassian]
              Votes:
              16 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: