Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-7694

Use integrated Windows Auth for Proxy Authentication

XMLWordPrintable

      Hi,
      I'm looking to secure access to the internet via an authenticated proxy and would like to avoid username passwords within init strings.

      https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA
      describes a scenario where this may be possible, -Dhttp.auth.ntlm.domain=DOMAIN used in conjunction with -Dhttp.proxyAuth=ntlm,basic

      Is this supported if I use the following on the Java service properties?

      -Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy.example.org -Dhttps.proxyPort=8080 -Dhttp.nonProxyHosts=localhost

      Thanks
      Andrew

      Workaround:

      While the problem statement above is a known issue and Atlassian decided not to implement NTLM support for a few products, there is a workaround for that available on the documentation below:

        1. stash_case.zip
          24 kB
        2. stash.zip
          108 kB
        3. stash.zip
          108 kB

          Form Name

            [BSERV-7694] Use integrated Windows Auth for Proxy Authentication

            Andrew Ritchie added a comment -

            I've tried again today, and taken a network trace, however it's too large to upload, so filtered only based on the proxy address,10.13.8.94, which is showing some traffic,
            However the application fails to properly start.

            Andrew Ritchie added a comment - I've tried again today, and taken a network trace, however it's too large to upload, so filtered only based on the proxy address,10.13.8.94, which is showing some traffic, However the application fails to properly start.

            Andrew Ritchie added a comment -

            hopefully the files uploaded

            Andrew Ritchie added a comment - hopefully the files uploaded

            Andrew Ritchie added a comment -

            Thanks Nick,
            I did try this however I got some nasty exceptions, although not sure they were related to the change. However I reverted the configuration.
            I tried initially with the password in the clear within the registry,
            Attached are some of the logs.

            Andrew Ritchie added a comment - Thanks Nick, I did try this however I got some nasty exceptions, although not sure they were related to the change. However I reverted the configuration. I tried initially with the password in the clear within the registry, Attached are some of the logs.

            Nick added a comment -

            Yes - Stash uses the Tomcat webserver (same as JIRA) so following the instructions on https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA should achieve what you need.

            Nick added a comment - Yes - Stash uses the Tomcat webserver (same as JIRA) so following the instructions on https://confluence.atlassian.com/display/JIRAKB/How+to+Configure+an+Outbound+HTTP+and+HTTPS+Proxy+for+JIRA should achieve what you need.

              Unassigned Unassigned
              e8c5b354e415 Andrew Ritchie
              Affected customers:
              0 This affects my team
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: