Date: Fri, 29 Mar 2024 04:05:33 +1300 (NZDT) Message-ID: <1785724101.95.1711638333972@ec2-52-63-119-232.ap-southeast-2.compute.amazonaws.com> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_94_2076521632.1711638333949" ------=_Part_94_2076521632.1711638333949 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
For installations with Java 11 please read: Additional Configuration for Java 11<= /p>
Once installed click Configure in UPM to proceed to=
the configuration wizard. You can also arrive to this screen by clicking <=
strong>EasySSO link under "TechTime Add-Ons" section usually locat=
ed in the left panel of the Admin screen.
Click on NTLM/Kerberos
Follow the link on the screen to obtain the IOPLEX Jespa library and upload=
it into EasySSO screen.
=
An "About" dialog will popup. "Trial period" refers to IOPLEX Jespa Free tr=
ial period when it operates in unlimited number of users mode. After this p=
eriod it will automatically revert to 25 unique users only mode. If you req=
uire more time to evaluate, once you renewed EasySSO evaluation license via=
Marketplace, repeat this very step, downloading a fresh IOPLEX Jespa distr=
ibution.
See the screenshots on the right. Read more about the role of IOPLEX Jespa library in EasySSO product=
.
<= /p>
5. Read the IOPLEX EULA.
Continuing past this point signifies your acceptance of the terms of IOP= LEX EULA.
6. Go to "EasySSO Configuration" tab
7. Fill in your domain name. If you don't= know what your domain is it is better to consult your Active Directory Adm= in or you can use the method described in our "Determining AD forest" FAQ page. One of the val= ues returned will be the domain name ("Dom Name").
Alternatively:
s= ysteminfo | findstr /B /C:"Domain"
8. Obtain a computer Active Directory account with a password= em> in your Domain from your Active Directory administrator.<= /p>
This is the most important part of the co= nfiguration. If this takes more time than expected, you can save the values= already entered on this screen (if any) and return to this screen later.= p>
You will need a new/dedicated com= puter account with a password. It's not a user account or what is known a "= service" account. Please do not re-use computer accounts created for other = instances of EasySSO (e.g. test environment or other Atlassian applications= ) - for details see: I HAVE MULTIPLE INSTANCES OF EASYSSO - HOW = MANY COMPUTER ACCOUNTS DO I NEED? in our <= strong>FAQ
Since creating this requires one to be lo= gged in as an Active Directory administrator - we cannot automate this task= , please work with your Active Directory administrators on this.
The account can be created (also known as=
"pre-staged") using standard Microsoft tools as described in this Technet article.
Password for the computer account can be set from the command line using "n=
et user <computer account$> <password> /domain" command describ=
ed in this Technet article.
Alternatively you can do it with a PowerShell cmdlet "Set-ADAccountPassword=
-Identity <computer account$> -Reset -NewPassword <password>" =
as described in this article.
These command can be run on any domain-co= nnected workstation, but do require the user who runs them to be an Active = Directory administrator.
If you or your AD admin requires more det= ails, please read IOPLEX Jespa = Operators Manual about these (pages 7-8). The manual is = also available for download from the link on the EasySSO Configuration tab = and the About screen once you've uploaded IOPLEX Jespa .zip package. <= /p>
Please pass IOPLEX Jespa .zip package to = your administrators =E2=80=93 it contains the Operators Manual as well as t= he necessary command-line scripts to help them accomplish this task (if for= some reason they do not like the standard ones mentioned above).
IOPLEX Jespa package contains two .vbs sc= ripts =E2=80=93 one script is a full wizard that will create the computer a= ccount and set the password - you will need to be an Active Directory = administrator to be able to run these scripts. The other one can be used by= your domain administrators to set a password on computer account if they c= reate it manually using default tools from Microsoft.
If you are an Active Directory administra= tor yourself =E2=80=93 the download link 'SetComputerPassword.= vbs script' is available on the EasySSO Configuration tab (in= the help hint of the password field). You will have to rename the file to = *.vbs (as browsers won't download it as is). The script is plain text - fee= l free to open it up in a any text editor and review.
9. Ent=
er computer account credentials. Press Test Connection. EasySSO will attemp=
t to discover you Domain Controllers automatically from DNS and connect to =
one of them via NETLOGON protocol. If you receive an error message, please =
examine logs, specifically jespa.log - here is how to get the logs. M=
ost of the common errors are described in Troubleshooting section
10. On= ce the connection works, SSO should work too. Test in Incognito/In-Private = mode or with another browser. If you are kicked out to login page or logout= after successful SSO, make sure you close the browser window (to clear out= the cookies) and then navigate to the Atlassian application again in a new= browser window. If you receive any error messages or observe some une= xpected behaviour (e.g. domain credentials popup), please review items belo= w, and examine logs, specifically jespa.log - = ; here is how= to get the logs. Chat to our 24x7 support (bottom right of this very p= age) and we will assist you.
11.&nb= sp; Proxi= es:  = ;If you are running behind a reverse proxy e.g Apache - see Co= nfiguring Apache as a reverse proxy for EasySSO in our FAQ for the additional config that needs to be done to these front= -facing web servers. If you are using NGINX - see How to Configure NGINX in our FAQ . If you are using IIS - see Configuring IIS as reverse prox= y in our= FAQ
12. If you are installing EasySSO into multiple Atlassian a= pplications, that are integrated via Application Links you will need to con= figure mutual filtering between applications as NTLM/Kerberos is not suppor= ted when building or verifying the application link.
This can be done either using <= /span> IP Filtering or User-Agent filtering to disable NTLM/Kerberos when for example JIR= A contacts Confluence and vice versa. User-Agent filtering seems to be pref= erred by most customers. =
In our = FAQ we specifically answer the question "My Application Links don't= work after installing EasySSO?" with instructions on how to configure = User-Agent filtering.
13. Browser Setting: For the duration of your testing, especially if this is done in a fr= eshly build test environment - you may need to change the browser settings = according to these instructi= ons. Once you are deploying to production - usually the corresponding s= ettings are applied via domain global policies automatically.
14= . Take a look at our FAQs page = to see if there are any scenarios that apply to you which could make = your life easier.
15= . If you want to configure EasySSO further please read the Advanced= configuration for EasySSO  = ;instructions. Here you will find information on:
a) Specifying log levels and log file loc= ations
b) the AD site configuration - please rea= d our FAQ article: Determining existing AD sites
c) choosing the canonical form of your us= er accounts - make sure it matches the form of the usernames used in Atlass= ian application
d) configuring Kerberos (please make sure that = NTLM SSO works first!)
Pair EasySSO with User Management fo= r JIRA and Confluence. Visit the Atlassian Marketplace for = more information.