Solutions : Jespa Plugin for Jira 4.

4 and up
This page last changed on 2012/02/21 by techtime.

1. Obtain the latest Jespa libraries and prepare them a. download the latest libraries from IOPlex Download Page. At the time of writing the latest version is 1.1.11 b. Extract the files from the archive c. If you have a lisense file from IOPlex place it into a sub-directory called jespa and add to the Jespa library jar. For example using zip and unzip on Linux or Unix system

user$ unzip jespa-1.1.11.zip Archive: jespa-1.1.11.zip creating: jespa-1.1.11/ ... user$ mkdir jespa-1.1.11/jespa user$ cp license.key jespa-1.1.11/jespa user$ cd jespa-1.1.11 user$ zip jespa-1.1.11.jar jespa/license.key adding: jespa/license.key (stored 0%)

2. Add required libraries to JIRA_DIR/WEB-INF/lib a. the attached techtime-ntlm.jar b. the latest JCIFS library available from http://jcifs.samba.org/src/ (pick the .jar file) c. the Jespa library jar re-licensed in the previous step 3. Edit Seraph config - add custom authenticator by TechTime Replace reference to the authenticator class in JIRA_DIR/WEB-INF/classes/seraph-config.xml by replacing

<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>

with

<authenticator class="org.techtime.jira.authenticators.JespaAuthenticator"/>

4. Add Jespa filter to web.xml Edit JIRA_DIR/WEB-INF/web.xml Immediately after the declaration of "login" filter

<filter> <filter-name>login</filter-name> <filter-class>com.atlassian.jira.web.filters.JiraLoginFilter</filter-class> </filter>

add the following lines replacing the %variables% with the appropriate values (see Jespa's Operators Manual if in doubt) JESPALOG - the absolute path to the Jespa log file e.g. /jira/logs/jespa.log JESPALOGLEVEL - recommended log-level is 3 for tests, 2 or 1 for production JESPABINDSTR - usually the domain e.g. example.com JESPASERVICEACCOUNT - the account in the Active Directory to be used for authentication purposes JESPASERVICEPASSWORD - the password for the account above JESPAACCOUNTCANONICALFORM - see Jespa's Operators Manual, usually recommended value is 2 JESPANETBIOSNAME - any constant to identify this instance of Jespa e.g. JESPA_JR JIRA_CONTEXT - depending on how your Jira instance is installed e.g. / when Jira is available from the root of your webserver or /jira/ if from jira sub-context

Document generated by Confluence on 2012/02/21 00:27

Page 1

<filter> <filter-name>jespa</filter-name> <filter-class>org.techtime.jira.servlets.JespaFilter</filter-class> <init-param> <param-name>jespa.log.path</param-name> <param-value>%JESPALOG%</param-value> </init-param> <init-param> <param-name>jespa.log.level</param-name> <param-value>%JESPALOGLEVEL%</param-value> </init-param> <init-param> <param-name>jespa.bindstr</param-name> <param-value>%JESPABINDSTR%</param-value> </init-param> <init-param> <param-name>jespa.service.acctname</param-name> <param-value>%JESPASERVICEACCOUNT%</param-value> </init-param> <init-param> <param-name>jespa.service.password</param-name> <param-value>%JESPASERVICEPASSWORD%</param-value> </init-param> <init-param> <param-name>jespa.account.canonicalForm</param-name> <param-value>%JESPAACCOUNTCANONICALFORM%</param-value> </init-param> <init-param> <param-name>jespa.localhost.netbios.name</param-name> <param-value>%JESPANETBIOSNAME%</param-value> </init-param> <init-param> <param-name>fallback.location</param-name> <param-value>%JIRA_CONTEXT%login.jsp?anon=1</param-value> </init-param> <init-param> <param-name>excludes</param-name> <param-value>/login.jsp,/secure/Logout!default.jspa,/images/*,/styles/ global_printable.css,/styles/global.css,/rpc/*</param-value> </init-param> <init-param> <param-name>http.parameter.anonymous.name</param-name> <param-value>anon</param-value> </init-param> </filter>

5. Add Jespa filter url-mapping to web.xml in front of the login filter mapping Insert in front of the following text

<filter-mapping> <filter-name>login</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping>

the text below

Document generated by Confluence on 2012/02/21 00:27

Page 2

<filter-mapping> <filter-name>jespa</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> <dispatcher>FORWARD</dispatcher> </filter-mapping>

6. Edit file logout.jsp inside your Jira archive dir Change the logout link that specifies /secure/ to /login.jsp?anon=1 1. Your JIRA should be ready for authentication with NTLM You can test access from a workstation logged into domain. Start with Internet Explorer first, make sure the website is recognized as belonging to the Intranet Zone, add it manually if required. Other browsers (Firefox) need to be configured to allow NTLM authentication. See: http://support.mozilla.com/en-US/kb/Firefox+asks+for+user+name+and+password+on +internal+sites As per Apple's documentation Safari supports NTLMv2 http://images.apple.com/macosx/security/ docs/MacOSX_Security_TB.pdf. Please note, Google Chrome doesn't support NTLM at the moment. See: http://www.google.com/ support/chrome/bin/static.py?page=known_issues.cs If you encounter problems please review Jespa logs and send them to us to eliminate the possibility that the issue is a related to the plugin wrapper. Most likely you will have to mail the logs to IOPlex support. Because at level 3 of logging the logs are getting huge pretty soon, it is recommended to switch to level 2 or 1 once in production

Document generated by Confluence on 2012/02/21 00:27

Page 3