Initial port to Confluence

README.md

@@ -1,21 +1,23 @@
-JIRA 4.3+ with mod_auth_kerb SSO
+JIRA/Confluence with Kerberos SSO
 ================================
 Goal
 ----
-Users should transparently log in to JIRA with AD domain credentials.
+Users should transparently log in to JIRA/Confluence with AD domain credentials. 
 
 Overview
 --------
-Apache authenticates users using mod_auth_kerb and passes the authenticated username to JIRA through an AJP proxy. JIRA uses a custom Seraph filter which checks for the remote_user variable set by Apache and logs the user in automatically.
+Apache authenticates users using mod_auth_kerb and passes the authenticated username to JIRA/Confluence through an AJP proxy. JIRA/Confluence uses a custom Seraph filter which checks for the remote_user variable set by Apache and logs the user in automatically.
 
 Installation
-------------
+-----------
+### JIRA
 1. Install Jira using the standard install, listening on port 8080
    * Allow port 8080 through the firewall
 2. Setup LDAP user directory
    * Test logging in using your AD credentials
 3. Setup apache to act as a proxy to Jira using AJP
-   * Add this line to the server.xml (/opt/atlassian/jira/conf/server.xml) file, around line 64. It should end up below the existing "Connector" entry. 
+   * Add this line to the server.xml (/opt/atlassian/jira/conf/server.xml) file, around line 64. It should end up below the existing "Connector" entry.
+
      ```xml
      <Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8" tomcatAuthentication="false"/>
      ```
@@ -26,6 +28,7 @@ Installation
 5. Add the jar file (RemoteUserJiraAuth-X.Y.jar) to the WEB-INF/lib/ directory (by default it's /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/)
    * Ensure that you've removed any older versions which may exist.
 6. Edit WEB-INF/classes/seraph-config.xml and replace the existing authenticator with the custom one: 
+
    ```xml
    Comment this out:
    <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>
@@ -35,6 +38,20 @@ Installation
 7. Restart JIRA and Apache
 8. Check to see if it is now working.
 
+### Confluence
+Use the JIRA instructions above with the following changes:
+
+1. Use the base path of your Confluence installation rather than JIRA. (/opt/atlassian/confluence by default) 
+2. If you're running both JIRA and Confluence on the same host, you'll need to use a different port for the AJP connector created in the server.xml file.
+3. When you're replacing the authenticator classname in WEB-INF/classes/seraph-config.xml, use these details instead:
+
+   ```xml
+   Comment this out:
+   <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
+   Add this below it:
+   <authenticator class="anguswarren.confluence.RemoteUserConfluenceAuth"/>
+   ```
+
 Notes
 -----
 ### Kerberos

RemoteUserConfluenceAuth/LICENSE

@@ -0,0 +1,19 @@
+To avoid future confusion, we recommend that you include a license with your plugin.
+This file is simply a reminder.
+
+For a template license you can have a look at: http://www.opensource.org/licenses/
+
+Atlassian releases most of its modules under the Apache2 license: http://opensource.org/licenses/Apache-2.0
+Copyright 2011 Angus Warren
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

RemoteUserConfluenceAuth/pom.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>anguswarren.confluence</groupId>
+    <artifactId>RemoteUserConfluenceAuth</artifactId>
+    <version>1.1</version>
+
+    <organization>
+        <name>Angus Warren</name>
+        <url>http://wiki.warren.bz</url>
+    </organization>
+
+    <name>anguswarren.confluence.RemoteUserConfluenceAuth</name>
+    <description>This is a custom Seraph filter developed by Angus Warren to authenticate based on the remote_user variable set by Apache</description>
+    <packaging>atlassian-plugin</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.10</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.atlassian.confluence</groupId>
+            <artifactId>confluence</artifactId>
+            <version>${confluence.version}</version>
+            <scope>provided</scope>
+        </dependency>
+            <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.4</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>com.atlassian.maven.plugins</groupId>
+                <artifactId>maven-confluence-plugin</artifactId>
+                <version>${amps.version}</version>
+                <extensions>true</extensions>
+                <configuration>
+                    <productVersion>${confluence.version}</productVersion>
+                    <productDataVersion>${confluence.data.version}</productDataVersion>
+                </configuration>
+            </plugin>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <properties>
+        <confluence.version>5.7</confluence.version>
+        <confluence.data.version>5.7</confluence.data.version>
+        <amps.version>5.0.13</amps.version>
+        <plugin.testrunner.version>1.2.3</plugin.testrunner.version>
+    </properties>
+
+</project>

RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java

@@ -0,0 +1,68 @@
+/**
+ * Copyright 2011 Angus Warren
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package anguswarren.confluence;
+
+import org.apache.log4j.Category;
+import java.security.Principal;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import com.atlassian.confluence.user.ConfluenceAuthenticator;
+
+public class RemoteUserConfluenceAuth extends ConfluenceAuthenticator
+{
+    private static final Category log = Category.getInstance(RemoteUserConfluenceAuth.class);
+
+    public Principal getUser(HttpServletRequest request, HttpServletResponse response)
+    {
+        Principal user = null;
+        try
+        {
+            if(request.getSession() != null && request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY) != null)
+            {
+                log.debug("Session found; user already logged in");
+                user = (Principal) request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY);
+                String username = user.getName();
+                user = getUser(username);
+            }
+            else
+            {
+                    log.debug("Trying RemoteUserConfluenceAuth SSO");
+                    String remoteuser = request.getRemoteUser();
+                    log.debug("remote_user set to: " + remoteuser);
+                    if(remoteuser != null)
+                    {
+			String[] username = remoteuser.split("@");
+                        user = getUser(username[0]);
+                        log.debug("Logging in with username: " + user);
+                        request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, user);
+                        request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);
+                    }
+                    else 
+                    {
+                        log.warn("remote_user is null");
+                        return null;
+                    }
+            }
+        }
+        catch (Exception e)
+        {
+            log.warn("Exception: " + e, e);
+        }
+        return user;
+    }
+
+}

RemoteUserConfluenceAuth/src/main/resources/atlassian-plugin.xml

@@ -0,0 +1,7 @@
+<atlassian-plugin key="${project.groupId}.${project.artifactId}" name="${project.name}" plugins-version="1">
+    <plugin-info>
+        <description>${project.description}</description>
+        <version>${project.version}</version>
+        <vendor name="${project.organization.name}" url="${project.organization.url}" />
+    </plugin-info>
+</atlassian-plugin>