+1 this.
SPNEGO, when implemented well, provides obvious benefit to users on a daily basis. Windows and other users that are already logged-in with their enterprise credentials can simply visit a participating web app and have their browser securely forward their local credentials to the website, thus eliminating another unnecessary login.
Also, there are 150 hits Googling for 'spnego site:atlassian.com' (sans ''). In addition, someone else asked about this anonymously in the Crowd 2.3 FAQ [1].
To support this, would the level of effort be to put together a How To page? It's also surprising that someone hasn't blogged about how to do this yet.
References:
1 Crowd 2.3 FAQ http://confluence.atlassian.com/display/CROWD/Crowd+FAQ?focusedCommentId=69304352#comment-69304352
2 spnego open source project http://spnego.sourceforge.net/
3 SPNEGO support in tomcat https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
4 CAS SPNEGO feature request http://lutung.library.ums.ac.id/software/sso/CAS/docs/CAS/Kerberos.html
5 SPNEGO JAAS / JGSS http://bofriis.dk/files/doc/spnego-jgss-configuration-.pdf
Hi,
We are proud to announce the release of our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at https://marketplace.atlassian.com/plugins/com.cleito.iwaac
IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, or any other web app using Crowd as its user management system without entering a password.
Please check out https://www.cleito.com/products/iwaac/ for more details.
Best regards,
Bruno