Suggestion
Resolution: Unresolved
Challenges in configuring Kerberos authentication for Jira Data Center when the Jira instance operates behind an outbound proxy and is intended to integrate with Active Directory for Single Sign-On (SSO).
Despite all the following setup and configuration efforts on Active Directory, Jira, and the proxy, Kerberos authentication is not functioning as expected.
- Create a dedicated service account in Active Directory.
- Configure krb5.ini with the Kerberos realm and KDC details, placing it in C:/Windows.
- Create jaas.conf in C:/Windows, configured for Krb5LoginModule.
- Configure Jira's User Directory as "Active Directory" with "Delegated Authentication" enabled.
- Jira Startup Java Options: Add the following Java options to Jira's startup configuration:
    -Djava.security.auth.login.config=C:/Windows/jaas.conf
    -Djava.security.krb5.conf=C:/Windows/krb5.conf
    -Djavax.security.auth.useSubjectCredsOnly=false
    -Dhttp.proxyHost=your.proxy.server
    -Dhttp.proxyPort=proxy-port
    -Dhttp.proxyUser=your-kerberos-username
    -Dhttp.proxyPassword=your-kerberos-password
    -Dhttp.proxyScheme=kerberos
    -Dhttps.proxyUser=your-kerberos-username
    -Dhttps.proxyPassword=your-kerberos-password
    -Dhttp.proxyAuth=negotiate,basic
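
A small consistency check for the startup options listed above, added here as an example (it is not part of the original report or of Jira). It checks that the files named by the `-D` options are the ones the setup steps say were created, that no password is passed as a command-line property, and that each scheme with proxy properties also has a proxy host. The function names and finding codes are hypothetical.

```python
# Startup options as posted in the report (placeholder values are the report's own).
JVM_OPTIONS = (
    "-Djava.security.auth.login.config=C:/Windows/jaas.conf "
    "-Djava.security.krb5.conf=C:/Windows/krb5.conf "
    "-Djavax.security.auth.useSubjectCredsOnly=false "
    "-Dhttp.proxyHost=your.proxy.server -Dhttp.proxyPort=proxy-port "
    "-Dhttp.proxyUser=your-kerberos-username "
    "-Dhttp.proxyPassword=your-kerberos-password -Dhttp.proxyScheme=kerberos "
    "-Dhttps.proxyUser=your-kerberos-username "
    "-Dhttps.proxyPassword=your-kerberos-password -Dhttp.proxyAuth=negotiate,basic"
)
# Files the setup steps say were created.
FILES_CREATED = ["C:/Windows/krb5.ini", "C:/Windows/jaas.conf"]
FILE_PROPS = ("java.security.auth.login.config", "java.security.krb5.conf")

def parse_jvm_options(option_string):
    """Return {property: value} for every -Dname=value token."""
    props = {}
    for token in option_string.split():
        if token.startswith("-D") and "=" in token:
            name, value = token[2:].split("=", 1)
            props[name] = value
    return props

def norm(path):
    # Windows paths are case-insensitive and accept either slash.
    return path.replace("\\", "/").lower()

def lint(option_string, files_created):
    """Return (finding, property) pairs for the three checks."""
    props = parse_jvm_options(option_string)
    created = {norm(f) for f in files_created}
    findings = []
    for name in FILE_PROPS:
        if name not in props:
            findings.append(("not-set", name))
        elif norm(props[name]) not in created:
            findings.append(("file-not-created", name))
    for name in props:
        if name.lower().endswith("password"):
            # -D values appear in the process command line and startup configuration.
            findings.append(("secret-on-command-line", name))
    for scheme in ("http", "https"):
        has_proxy_props = any(k.startswith(scheme + ".proxy") for k in props)
        if has_proxy_props and scheme + ".proxyHost" not in props:
            findings.append(("proxy-host-missing", scheme + ".proxyHost"))
    return findings

if __name__ == "__main__":
    for finding, prop in lint(JVM_OPTIONS, FILES_CREATED):
        print(f"{finding}: {prop}")
```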