Confluence and Shibboleth

Nate Klingenstein ndk at internet2.edu
Tue Aug 21 19:33:43 EDT 2012 

Abeer,

> I am new to the whole Shibboleth stuff. I have spent the last couple  
> of days reading any and everything I can find on it and I am still  
> unclear on some things. Here is what I am trying to do. I have  
> confluence and another web application for which I want to implement  
> SSO. The username information resides in Confluence.

If your user data store is Confluence, then you'll need to operate a  
SAML IdP that can use the Confluence database as its underlying  
identity source.  The Shibboleth IdP can probably do this.  I would  
also double-check that Confluence doesn't intend to change the  
structure of that user data store.

> The idea was if the user is logged into confluence and clicked on  
> this other website’s link from within Confluence they wouldn’t have  
> to log in again. Shibboleth was suggested and sounded like the right  
> solution, however, now I am not so sure. I read up on the Confluence  
> Shibboleth Authenticator but that ends up making Confluence the SP.

You would want to set up an SP in front of Confluence and in front of  
the other website.  This, along with an IdP using the Confluence user  
data, will give your users SSO across both sites.

>  But if I configure it that way then what’s my idp authenticating  
> the users against since they are in confluence’s mysql database?

The database.

> Am I going all wrong about this? If not can someone provide some  
> high level pointers?

I think your understanding is pretty good and Shibboleth is a fine  
solution for your problem.  You just need to remember that Confluence  
will be acting both as an identity store for an IdP and as an SP  
receiving that identity data, and there will be a second SP in front  
of the other website.

Please let us know if, in the event you select Shibboleth software,  
you have more questions.

Thanks,
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120821/4701018b/attachment.html

More information about the users mailing list