1.       Configure CROWD

  • Define in CROWD in the internal directory this groups (with the CROWD UI):
    • confluence-administrators
    • crowd-administrators
    • site-admins
    • system-administrators
    • … something group with the same name such as JIRA/Confluence teams
  • New internal directory in CROWD with the JIRA & Confluence internal users and assign the groups. ( this step must be done automatically importing directly the users from JIRA & Confluence). NOTE: CROWD make a mix with the users & permissions & groups with all directories (always sum permissions/groups if the user is the same in all directories)
  • Configure the CROWD Apps with this order of Directories:
    • INTERNAL Crowd server
    • LDAP Enterprise 1
    • LDAP Enterprise 2 Backup
  • Important Note: The CROWD App passwords must be well-known by the Administrators
  • Then synchronize the users (In the CROWD Directories)

2.       Stop JIRA Tomcat JIRA and Confluence Tomcat

  • execute service tomcat stop (or similar, depends of your JIRA installation)

3.       Configure JIRA SSO and Start Service

  • vim /opt/apache-tomcat/webapps/WEB-INF/classes/seraph-config.xml file.
    • Comment <!––>
    • Uncomment  <authenticatorclass="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
    • Copy file crowd.properties in /opt/apache-tomcat/webapps/WEB-INF/classes/ ( very the app password is the same configured in CROWD)
    • Start JIRA  service tomcat start

4.       Configurae Confluence SSO and  Start Service

  • vim /opt/apache-tomcat/webapps/wiki/WEB-INF/classes/seraph-config.xml file.
    • Comment <!– –>
    • Uncomment  <authenticatorclass="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
    • Copy file crowd.properties in /opt/apache-tomcat/webapps/WEB-INF/wiki/classes/ (very the app password is the same configured in CROWD)
    • Start Confluence  service tomcat start

5.    Delete Trusted App Link in JIRA and do the same in the Confluence

6.    From JIRA create another time (by a System Admin user) the Trusted App Link to Confluence. Important Notes:

  • The JIRA & Confluence link must be configured with the internal URL, for example:   (the internal connections with HTTP protocol would be faster like HTTPS)
  • The question, The JIRA users & Confluence Users are the same? Must be completed as YES!

7.    Edit the TrustedAppLink of JIRA and in the Confluence and Activate:

  • TrustedLink Enabled
  • OAuth for Incoming/Outgoing enable ALL checks

8.    Verify in the MySQL:

  • In jiradb must be one record, with this SQL: SELECT * FROM jiradb.trustedapp;
  • In confluencedb verify that is configured as well SELECT * FROM confluencedb.TRUSTEDAPP;  ( The URL must be correct )

9.    Testing:

  • Open new incognito window  (Google Chrome)
  • Enter in jira.example.com
  • Go to Confluence with the upper-left link of JIRA ( The SSO must be operate in this moment and the user password form don’t will be shown)
  • Edit a Confluence page and link an issue (All projects with access must be shown)
  • Go to JIRA with the upper-left link of Confluence ( The SSO must be operate in this moment and the user password form don’t will be shown)
  • Create an issue and link with a Confluence Page (without any error).
  • In the Confluence link, the page name will be shown  ( in the past “No page Access…” error was showed, if the configuration is well, the name of the page will be shown)
Posted by:.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s