Confluence and Shibboleth

Peter Schober peter.schober at univie.ac.at
Wed Aug 22 11:00:18 EDT 2012 

* Abeer Ishtiaq <aishtiaq at netuitive.com> [2012-08-22 16:12]:
> - I have installed Shibboleth IDP per instructions on:
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPInstall I
> was able to successfully do this and get the OK on the status
> page. Question: in the before you begin section, it states: an SSL
> certificate that you'll use to secure your IdP's browser-facing HTTP
> connection Is this required? Also do I need apache in front of the
> tomcat I configured for the IDP?

SSL cert: Unless you have some other mechanism of protecting users'
credentials during transport, yes. But really that's up to you, the
software doesn't force you to use SSL, AFAIR.

Apache httpd: The docs make no mention of using httpd, so unless you
assume they are incorrect and incomplete, following the documentation
will get you a working IdP.

How you configure your Java Servlet container (and it doesn't have to
be Tomcat) and how SSL is enabled for that, is out of scope here.
Use the existing documentation for your software.

> - I have configured the Confluence Shibboleth Authenticator per
> instructions on:
> https://studio.plugins.atlassian.com/wiki/display/SHBL/How+to+Shibbolize+Confluence
> Question: Is this all I need to do to make Confluence an SP? I ask
> because when I got back to Configuring the Shibbleth IDP, the first
> step is to communicate with an SP and in that the first step is to
> load it's metadata
> (https://wiki.shibboleth.net/confluence/display/SHIB2/IdPMetadataProvider). I
> can't figure out what I would need to do in this step for
> Confluence.

No. It's not all. It's the last thing you do after you have a SAML IDP
and one or two SAML SPs up and running and communicating properly.
Then you can integrate a working, properly installed and configured
version of Confluence with the Shibboleth SP.

I.e., you'll need to install and configure the IdP and the SP (which
also includes exchanging metadata, as covered in the documentation)
first and only after that works look at the confluence integration.
There's no shortcut to learning the individual pieces only because you
need them all at once.

Or, as mentioned by Scott and Leif, forget about SAML and Shibboleth
and do the integration of Confluence with your "other webapp" via
Atlassian's Crowd software. That's not a question for this list,
though.
-peter

More information about the users mailing list