Skip to end of metadata
Go to start of metadata

SSO Authenticator for AD/ADFS/LDAP and Atlassian Servers (via Kerberos)

Single sign-on authenticator for Active Directory/Active Directory Federation Service/LDAP, including full support for Confluence, JIRA, Bitbucket Server (formerly Stash), Crowd, Bamboo, FishEye, Crucible, SVN

NTLM v1 or v2 or Kerberos


Atlassian applications (Confluence, JIRA, Crowd, Fisheye, etc..) have no out-of-the-box support for single sign-on in an Active Directory environment.


What is NTLM and Kerberos in the first place?

The table below describes these Microsoft technologies in quick terms. We'll resort to Wikipedia for the official definitions to get you up to speed quickly (or to confuse more. Hmm.)

In short, SSO authentication protocols that work within MS Active Directory/Windows environments:








Meant for Win9X, NT 3.51

Libraries available in deprecated version of open source JCIFS

IE and Windows only, very crackable, susceptible to man-in-the-middle attacks, chatty on network


Meant for NT 4.0 SP4

More secure than NTLMv1.

  • IE and Windows only, not a part of Java 6's implementation of SPNEGO
  • Requires 3rd party libraries (e.g., jespa or VSJ)
  • Chatty on network


Default authentication for Active Directory

  • Included in Java 6 implementation of SPNEGO
  • More secure than NTLMv2
  • Open standard
  • Cross platform (Windows, Linux, Unix)
  • Cross browser (IE, Firefox)
  • Less chatty than NTLM

Client machine must be joined to domain

Our Recommended Solution

AppFusions currently supports deployments to with:

  • JIRA
  • Confluence
  • Bamboo
  • FishEye/Crucible (per repository permissions not supported)
  • Crowd (SSO for the admin accts to Crowd - not distributed amongst connected applications)
  • SVN (not an Atlassian product, but still)


Client applications that call Atlassian web services protected by custom Integrated Windows Authentication plugin need to authenticate with IWA, as well as use the token obtained by passing in username and password to login method.

Deploy it?

Please email us and lets get you going!