diff --git a/README.md b/README.md
index dcb3200..192ab05 100644
--- a/README.md
+++ b/README.md
@@ -1,21 +1,23 @@
-JIRA 4.3+ with mod_auth_kerb SSO
+JIRA/Confluence with Kerberos SSO
================================
Goal
----
-Users should transparently log in to JIRA with AD domain credentials.
+Users should transparently log in to JIRA/Confluence with AD domain credentials.
Overview
--------
-Apache authenticates users using mod_auth_kerb and passes the authenticated username to JIRA through an AJP proxy. JIRA uses a custom Seraph filter which checks for the remote_user variable set by Apache and logs the user in automatically.
+Apache authenticates users using mod_auth_kerb and passes the authenticated username to JIRA/Confluence through an AJP proxy. JIRA/Confluence uses a custom Seraph filter which checks for the remote_user variable set by Apache and logs the user in automatically.
Installation
-------------
+-----------
+### JIRA
1. Install Jira using the standard install, listening on port 8080
* Allow port 8080 through the firewall
2. Setup LDAP user directory
* Test logging in using your AD credentials
3. Setup apache to act as a proxy to Jira using AJP
- * Add this line to the server.xml (/opt/atlassian/jira/conf/server.xml) file, around line 64. It should end up below the existing "Connector" entry.
+ * Add this line to the server.xml (/opt/atlassian/jira/conf/server.xml) file, around line 64. It should end up below the existing "Connector" entry.
+
```xml
```
@@ -26,6 +28,7 @@ Installation
5. Add the jar file (RemoteUserJiraAuth-X.Y.jar) to the WEB-INF/lib/ directory (by default it's /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/)
* Ensure that you've removed any older versions which may exist.
6. Edit WEB-INF/classes/seraph-config.xml and replace the existing authenticator with the custom one:
+
```xml
Comment this out:
@@ -35,6 +38,20 @@ Installation
7. Restart JIRA and Apache
8. Check to see if it is now working.
+### Confluence
+Use the JIRA instructions above with the following changes:
+
+1. Use the base path of your Confluence installation rather than JIRA. (/opt/atlassian/confluence by default)
+2. If you're running both JIRA and Confluence on the same host, you'll need to use a different port for the AJP connector created in the server.xml file.
+3. When you're replacing the authenticator classname in WEB-INF/classes/seraph-config.xml, use these details instead:
+
+ ```xml
+ Comment this out:
+
+ Add this below it:
+
+ ```
+
Notes
-----
### Kerberos
diff --git a/RemoteUserConfluenceAuth/LICENSE b/RemoteUserConfluenceAuth/LICENSE
new file mode 100644
index 0000000..87c9b70
--- /dev/null
+++ b/RemoteUserConfluenceAuth/LICENSE
@@ -0,0 +1,19 @@
+To avoid future confusion, we recommend that you include a license with your plugin.
+This file is simply a reminder.
+
+For a template license you can have a look at: http://www.opensource.org/licenses/
+
+Atlassian releases most of its modules under the Apache2 license: http://opensource.org/licenses/Apache-2.0
+Copyright 2011 Angus Warren
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/RemoteUserConfluenceAuth/pom.xml b/RemoteUserConfluenceAuth/pom.xml
new file mode 100644
index 0000000..c5aef92
--- /dev/null
+++ b/RemoteUserConfluenceAuth/pom.xml
@@ -0,0 +1,71 @@
+
+
+
+
+ 4.0.0
+ anguswarren.confluence
+ RemoteUserConfluenceAuth
+ 1.1
+
+
+ Angus Warren
+ http://wiki.warren.bz
+
+
+ anguswarren.confluence.RemoteUserConfluenceAuth
+ This is a custom Seraph filter developed by Angus Warren to authenticate based on the remote_user variable set by Apache
+ atlassian-plugin
+
+
+
+ junit
+ junit
+ 4.10
+ test
+
+
+ com.atlassian.confluence
+ confluence
+ ${confluence.version}
+ provided
+
+
+ javax.servlet
+ servlet-api
+ 2.4
+ provided
+
+
+
+
+
+
+ com.atlassian.maven.plugins
+ maven-confluence-plugin
+ ${amps.version}
+ true
+
+ ${confluence.version}
+ ${confluence.data.version}
+
+
+
+ maven-compiler-plugin
+
+ 1.6
+ 1.6
+
+
+
+
+
+
+ 5.7
+ 5.7
+ 5.0.13
+ 1.2.3
+
+
+
diff --git a/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java b/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java
new file mode 100644
index 0000000..b32f066
--- /dev/null
+++ b/RemoteUserConfluenceAuth/src/main/java/anguswarren/confluence/RemoteUserConfluenceAuth.java
@@ -0,0 +1,68 @@
+/**
+ * Copyright 2011 Angus Warren
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package anguswarren.confluence;
+
+import org.apache.log4j.Category;
+import java.security.Principal;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import com.atlassian.confluence.user.ConfluenceAuthenticator;
+
+public class RemoteUserConfluenceAuth extends ConfluenceAuthenticator
+{
+ private static final Category log = Category.getInstance(RemoteUserConfluenceAuth.class);
+
+ public Principal getUser(HttpServletRequest request, HttpServletResponse response)
+ {
+ Principal user = null;
+ try
+ {
+ if(request.getSession() != null && request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY) != null)
+ {
+ log.debug("Session found; user already logged in");
+ user = (Principal) request.getSession().getAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY);
+ String username = user.getName();
+ user = getUser(username);
+ }
+ else
+ {
+ log.debug("Trying RemoteUserConfluenceAuth SSO");
+ String remoteuser = request.getRemoteUser();
+ log.debug("remote_user set to: " + remoteuser);
+ if(remoteuser != null)
+ {
+ String[] username = remoteuser.split("@");
+ user = getUser(username[0]);
+ log.debug("Logging in with username: " + user);
+ request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, user);
+ request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);
+ }
+ else
+ {
+ log.warn("remote_user is null");
+ return null;
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ log.warn("Exception: " + e, e);
+ }
+ return user;
+ }
+
+}
diff --git a/RemoteUserConfluenceAuth/src/main/resources/atlassian-plugin.xml b/RemoteUserConfluenceAuth/src/main/resources/atlassian-plugin.xml
new file mode 100644
index 0000000..31ae603
--- /dev/null
+++ b/RemoteUserConfluenceAuth/src/main/resources/atlassian-plugin.xml
@@ -0,0 +1,7 @@
+
+
+ ${project.description}
+ ${project.version}
+
+
+
diff --git a/builds/RemoteUserConfluenceAuth-1.1.jar b/builds/RemoteUserConfluenceAuth-1.1.jar
new file mode 100644
index 0000000..8bdc353
Binary files /dev/null and b/builds/RemoteUserConfluenceAuth-1.1.jar differ
diff --git a/builds/RemoteUserConfluenceAuth-1.1.tar.gz b/builds/RemoteUserConfluenceAuth-1.1.tar.gz
new file mode 100644
index 0000000..355857a
Binary files /dev/null and b/builds/RemoteUserConfluenceAuth-1.1.tar.gz differ