Confluence and Shibboleth

Abeer Ishtiaq aishtiaq at netuitive.com
Tue Aug 21 19:36:12 EDT 2012 

Nate,

Thanks for the sanity check. I am going to proceed with it and start with setting up confluence as an IDP.

Regards,
Abeer

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Nate Klingenstein
Sent: Tuesday, August 21, 2012 7:34 PM
To: Shib Users
Subject: Re: Confluence and Shibboleth

Abeer,

I am new to the whole Shibboleth stuff. I have spent the last couple of days reading any and everything I can find on it and I am still unclear on some things. Here is what I am trying to do. I have confluence and another web application for which I want to implement SSO. The username information resides in Confluence.

If your user data store is Confluence, then you'll need to operate a SAML IdP that can use the Confluence database as its underlying identity source.  The Shibboleth IdP can probably do this.  I would also double-check that Confluence doesn't intend to change the structure of that user data store.


The idea was if the user is logged into confluence and clicked on this other website's link from within Confluence they wouldn't have to log in again. Shibboleth was suggested and sounded like the right solution, however, now I am not so sure. I read up on the Confluence Shibboleth Authenticator but that ends up making Confluence the SP.

You would want to set up an SP in front of Confluence and in front of the other website.  This, along with an IdP using the Confluence user data, will give your users SSO across both sites.


 But if I configure it that way then what's my idp authenticating the users against since they are in confluence's mysql database?

The database.


Am I going all wrong about this? If not can someone provide some high level pointers?

I think your understanding is pretty good and Shibboleth is a fine solution for your problem.  You just need to remember that Confluence will be acting both as an identity store for an IdP and as an SP receiving that identity data, and there will be a second SP in front of the other website.

Please let us know if, in the event you select Shibboleth software, you have more questions.

Thanks,
Nate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20120821/e6dfd0aa/attachment.html

More information about the users mailing list