Uploaded image for project: 'Jira Software Data Center'
  1. Jira Software Data Center
  2. JSWSERVER-26461

Kerberos support for outbound traffic

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Security
    • None
    • 1
    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Challenges in configuring Kerberos authentication for Jira Data Center when the Jira instance operates behind an outbound proxy and is intended to integrate with Active Directory for Single Sign-On (SSO).
      Despite all the following setup and configuration efforts on Active Directory, Jira, and the proxy, Kerberos authentication is not functioning as expected.

      • Create a dedicated service account in Active Directory.
      • Configure krb5.ini with the Kerberos realm and KDC details, placing it in C:/Windows.
      • Create jaas.conf in C:/Windows, configured for Krb5LoginModule.
      • Configure Jira's User Directory as "Active Directory" with "Delegated Authentication" enabled.
      • Jira Startup Java Options: Add the following Java options to Jira's startup configuration: 
        -Djava.security.auth.login.config=C:/Windows/jaas.conf
-Djava.security.krb5.conf=C:/Windows/krb5.conf
-Djavax.security.auth.useSubjectCredsOnly=false
-Dhttp.proxyHost=your.proxy.server
-Dhttp.proxyPort=proxy-port
-Dhttp.proxyUser=your-kerberos-username
-Dhttp.proxyPassword=your-kerberos-password
-Dhttp.proxyScheme=kerberos
-Dhttps.proxyUser=your-kerberos-username
-Dhttps.proxyPassword=your-kerberos-password
-Dhttp.proxyAuth=negotiate,basic

            [JSWSERVER-26461] Kerberos support for outbound traffic

            SET Analytics Bot made changes -
            UIS New: 1
            SET Analytics Bot made changes -
            Support reference count New: 1
            skavatekar made changes -
            Security Original: Reporter and Atlassian Staff [ 10751 ]
            Sen made changes -
            Security New: Reporter and Atlassian Staff [ 10751 ]
            skavatekar created issue -

              Unassigned Unassigned
              f956e0e022e9 skavatekar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: