Access Confluence using Standard Authentication with Secure Store Service on SP 2010 (v 1.9)
This page is part of the installation guide for the Confluence SharePoint Connector. It tells you how to configure access to Confluence using the standard Confluence authentication with Microsoft Secure Store Service. These instructions apply to the connector for SharePoint 2010.
Overview
In this configuration, SharePoint and all client browsers are authenticated using Confluence's built-in authentication module, which is a style of Forms-based Authentication. The Microsoft Secure Store Service acts as a 'man-in-the-middle', performing mappings between Confluence and SharePoint user accounts.
Use this Configuration when...
- You have no specific authentication requirements for your environment. You do not need your users to have pass-through authentication to Confluence via their desktop logins.
- The usernames and passwords in your Confluence user repository do not exactly match the usernames and passwords in your SharePoint user repository (such as Active Directory).
- You are not able to configure Confluence to synchronize its user repository with Active Directory (see Confluence LDAP user management).
If you have not already seen our guide to planning your environment, you can refer to it for information that will help you select the best configuration for your environment.
Caveats
Caching of Username and Password
The Microsoft Secure Store Service caches users' credentials for external applications such as Confluence. The first time a user accesses Confluence, they will be prompted to enter their username and password. Subsequent logins to Confluence will use the cached credentials.
Hardening the Secure Store Service
The Microsoft TechNet article on Planning the Secure Store Service has a number of guidelines on how to run the service in a manner that is as secure as possible. You should read through these guidelines and apply them to your environment, where practical.
Installation Instructions
After installing the SharePoint Connector, follow the instructions below to configure the Secure Store Service to work with Confluence.
Step 1. Ensure that the Secure Store Service is running
By default, the Secure Store Service is already set up and started on new installations of SharePoint Server 2010. This step of the guide just ensures that the Secure Store Service is running in your environment.
- Log in to your SharePoint Central Administration site with a user account that has farm administration privileges.
- Click 'Manage Service Applications'.
- In the table of service applications, locate the 'Secure Store Service Application'.
- Ensure that the 'Status' of the service application is set to 'Started'.
If the Secure Store Service is not started, or is not listed in the table, then follow the instructions below to configure a new instance of the Secure Store Service. Otherwise, skip to step 2.
Step 1.1. Start a New Instance of the Secure Store Service
- From the ribbon on the 'Manage Service Applications' page, click 'New' and select 'Secure Store Service'.
- The 'Create New Secure Store Service Application' popup window appears. Enter the details of the new service application. The settings should satisfy the recommended guidelines for the Secure Store Service (see the corresponding TechNet article).
- Click 'OK'.
- Once the new Secure Store Service Application has been created successfully, click 'OK' again.
Step 2. Configure a Secure Store Application for Confluence
The next step involves creating a new target 'application' in the Secure Store database that will hold the credentials for your Confluence server.
- Click the name of the Secure Store Service Application (see step 1 above) in the 'Manage Service Applications' table.
Step 2.1. Generate New Key
You only need to perform this step if, upon loading the Secure Store Service Application page, you receive the following error:
- In the ribbon at the top of the page, click 'Generate New Key'.
- The 'Generate New Key' popup window appears. Enter a new passphrase for encrypting the credentials in the Secure Store Service.
- Click 'OK'.
Step 2.2. Create New Application
- In the ribbon at the top of the page, click 'New'.
- Set the 'Target Application ID' to 'Confluence'.
- Enter a 'Display Name' and 'Contact E-mail' for the application.
- Set the 'Target Application Type' to 'Individual'.
- Ensure that the 'Use default page' option under 'Target Application Page URL' is selected.
- Set the 'Ticket Timeout' to 2 (minutes).
- Click 'Next'.
- Create two fields for the application, matching the example shown below:
- Click 'Next'.
- Add the current user to the 'Target Application Administrators' group.
- Click 'OK'.
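For a repeatable setup, the Step 1 check and the Step 2.2 settings can be scripted with the SharePoint 2010 Secure Store cmdlets. This is an added example, not part of the connector's documentation. The site URL, display name, contact e-mail, and the two field names and types are placeholder assumptions; replace the fields with the ones from the connector's field example.

```powershell
# Added example (not from the connector documentation).
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Assumption: placeholder URL of a site in the farm that uses the Secure Store Service.
$siteUrl = 'http://sharepoint.example.com'

# Step 1: a Secure Store Service application must exist and be started.
# The object model reports a started service application as 'Online'.
$started = @(Get-SPServiceApplication | Where-Object {
    $_.TypeName -eq 'Secure Store Service Application' -and $_.Status -eq 'Online'
})
if ($started.Count -eq 0) {
    throw 'No started Secure Store Service application found (see Step 1.1).'
}

# Step 2.2: target application 'Confluence', type Individual, 2-minute ticket timeout.
# -SetCredentialsUri is not passed; afterwards confirm in Central Administration
# that 'Use default page' is selected under 'Target Application Page URL'.
$target = New-SPSecureStoreTargetApplication -Name 'Confluence' `
    -FriendlyName 'Confluence' `
    -ContactEmail 'sharepoint-admin@example.com' `
    -ApplicationType Individual `
    -TimeoutInMinutes 2

# Assumption: placeholder field names and types for the username/password pair.
# The password field is masked so it is not displayed when users enter it.
$fields = @(
    (New-SPSecureStoreApplicationField -Name 'Confluence Username' -Type UserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name 'Confluence Password' -Type Password -Masked:$true)
)

# Add only the current user as Target Application Administrator, as in the steps above.
$me    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$admin = New-SPClaimsPrincipal -Identity $me -IdentityType WindowsSamAccountName

$context = Get-SPServiceContext -Site $siteUrl
New-SPSecureStoreApplication -ServiceContext $context `
    -TargetApplication $target `
    -Fields $fields `
    -Administrator $admin
```

The script stops before creating anything if the service is not started, and it does not generate a master key; if the key is missing, complete Step 2.1 first.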
Next Step
To continue with the installation of the SharePoint Connector, please install and configure the SharePoint feature. When configuring the SharePoint web part, make sure that you select 'Access Confluence with the Secure Store Service' as your authentication method.