This page is part of the installation guide for the Confluence SharePoint Connector. It tells you how to configure access to SharePoint using basic authentication and SSL via an alternative access URL in SharePoint. These instructions apply to the connector for SharePoint 2010.
In this configuration, client browsers authenticate against SharePoint using Integrated Windows Authentication (NTLM or Kerberos). Confluence, however, authenticates against SharePoint on a separate port that is configured to use basic authentication over Secure Sockets Layer (SSL). This is accomplished using SharePoint's capability to extend a site collection over multiple web applications. Using alternative access mappings in SharePoint, all hyperlinks in the SharePoint content direct users back to the primary SharePoint site.
This configuration method offers a greater level of security than the method that accesses SharePoint using Integrated Windows Authentication (NTLM Only). The configuration procedure is, however, more complex. You should review the security measures of your internal network before deciding which method is most appropriate for your environment.
If you have not already seen our guide to planning your environment, you can refer to it for information that will help you select the best configuration for your environment.
Enabling SSL requires the installation of a certificate on the SharePoint server. Depending on the way in which you source the certificate, this could involve either an additional financial cost or a number of additional configuration steps.
Use IE7+ when Configuring SharePoint
We recommend that you use Internet Explorer 7 or later to perform the configuration steps described on this page. You may experience unusual behaviour if you use Firefox or other browsers on some SharePoint administrative pages.
Configure all SharePoint Top-Level Sites used by Confluence
You will need to perform these configuration steps for each SharePoint top-level site that is exposed to Confluence.
Screenshot: Extending the SharePoint site to another IIS web site
SSL will secure the password information
Because this endpoint will be using Secure Sockets Layer (SSL), the password will not be sent in clear text even though basic authentication is used.
Screenshot: Editing the IIS authentication settings
In this step you will remove the default public URL that SharePoint created during the previous step and replace it with an internal URL mapping.
In this step you will ensure that your IIS web site is configured for SSL and import an SSL certificate into the IIS web site.
SharePoint already accepting SSL?
If your SharePoint Server already accepts SSL traffic, then you already have a certificate installed on your SharePoint server. If this is the case, please skip ahead to step 4.3 below.
You need an X.509 certificate that you can import into IIS. IIS will use the certificate to encrypt the SSL channel and prove the server's identity to clients. The table below shows the two ways of obtaining a certificate.
Disclaimer
Atlassian does not endorse or represent any of the example certificate issuers listed below.
Atlassian cannot accept responsibility for the veracity of any digital certificate issued by a third party. You should ensure that any certificate you use is from a provider that you trust.
Option | Example Provider | Benefit | Drawback |
---|---|---|---|
Obtain a certificate from a trusted certificate authority | | Most major certificate authorities are automatically trusted by most modern operating systems, so no configuration is required on the client to trust your certificate. | The certificate authority may charge a fee for issuing the certificate and/or an annual renewal fee. |
Generate your own certificate | | Free | Client computers may require configuration to trust your certificate's authenticity. |
Once you have generated or obtained a certificate, you will usually receive:
pfx.
Follow these instructions to import the certificate into IIS:
Test your configuration
Make sure that you test your SSL configuration by accessing the SharePoint site in a web browser, before proceeding any further.
As an additional layer of security, you should configure your SSL-secured web site to allow access from the Confluence server only.
Confluence must have a static IP address or DHCP lease reservation
You will only be able to perform this step if your Confluence server has a static IP address. If your Confluence server has a dynamic IP address, then speak to your network administrator about adding a static IP address or a DHCP lease reservation for the Confluence server.
Screenshot: IP restriction on IIS web site
Skip all of step 1 if you obtained a certificate from a trusted CA
If you purchased a certificate from a trusted certificate authority, then your certificate is already trusted by the Confluence server and you can skip this step. Go to step 2 below. If you generated your own certificate or obtained one from a less well-known certificate authority, please follow the steps below.
To configure Confluence to trust the certificate on your SharePoint server, you must add the certificate's public key to the Java runtime's Certificate Authority keystore as described below.
.cer File
Skip step 1.1 if you already have a .cer file
The certificate's public key must be imported into the Java keystore as a certificate file in .cer file format. If you already have a .cer file you can skip this step and go to step 1.2 below. If you only have a .pfx file and need to create the .cer file, read on!
A simple way to create the required file is to import and export the certificate in and out of the Windows certificate store. This works because the export operation allows you to choose the export format.
The first step is to import the certificate into Windows:
.pfx certificate file. (You may need to set the 'Files of type' filter to 'Personal Information Exchange (*.pfx, *.p12)'.)
At this point, your certificate should appear in the 'Personal' folder of the 'Certificates' snap-in.
Screenshot: Personal certificates
Now you can export the certificate in the desired .cer format:
.cer File onto the Confluence Server
We have provided a batch script (see below) for Windows environments. If you are running Confluence on UNIX, please perform the import manually. The batch script uses the Java runtime's keytool command to import the certificate into the required location on the Confluence server. The script will add the certificate to the root Java Secure Socket Extension keystore, which is located in your Java Runtime Environment's (JRE's) lib\security directory with the name jssecacerts. This is the required location in order for the certificate to be trusted by Confluence.
Requirements
This script assumes the following about your environment:
%JAVA_HOME% environment variable has been set correctly.
.cer file created in step 1.1 above to the C: drive of your Confluence server.
Copy and execute this batch script (Windows) to add the certificate to the keystore:
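```bat
@echo off
REM Paths assume %JAVA_HOME% points at a JDK that contains a jre directory.
set keytool="%JAVA_HOME%\bin\keytool.exe"
set keystore="%JAVA_HOME%\jre\lib\security\jssecacerts"
set certificatefile=C:\sharepoint.cer
REM Import the SharePoint certificate under the alias "sharepoint".
%keytool% -import -alias sharepoint -keystore %keystore% -storepass changeit -file %certificatefile%
```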
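For Confluence on UNIX, where the import has to be done manually, the following is an added example and not Atlassian's script. It goes slightly beyond the batch script: it refuses to import unless the certificate's SHA-256 fingerprint matches one you obtained out of band, and it seeds jssecacerts from cacerts so the JVM keeps trusting public CAs. Assumptions: JAVA_HOME is set, keytool is from Java 7 or later (it prints a SHA256 line), and the function names, file path and expected fingerprint are hypothetical.

```shell
#!/bin/sh
# Added example (not Atlassian's script): UNIX counterpart of the batch import.
# Assumptions: JAVA_HOME is set; the expected fingerprint was obtained out of
# band from the SharePoint administrator; keytool is Java 7 or later.

# Locate lib/security for a JDK layout (jre/ subdirectory) or a plain JRE.
security_dir() {
    if [ -d "$1/jre/lib/security" ]; then
        echo "$1/jre/lib/security"
    else
        echo "$1/lib/security"
    fi
}

# Reduce a fingerprint to bare uppercase hex so formatting differences vanish.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Pull the SHA-256 fingerprint out of `keytool -printcert` output on stdin.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeeds only when the actual fingerprint is non-empty and equals the expected one.
fp_matches() {
    [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# usage: import_sharepoint_cert /path/to/sharepoint.cer EXPECTED_SHA256
import_sharepoint_cert() {
    dir=$(security_dir "$JAVA_HOME")
    actual=$("$JAVA_HOME/bin/keytool" -printcert -file "$1" | extract_sha256)
    fp_matches "$actual" "$2" || { echo "fingerprint mismatch, not importing" >&2; return 1; }
    # JSSE reads jssecacerts INSTEAD of cacerts once it exists, so seed it with
    # the default CAs; otherwise the JVM stops trusting every public CA.
    [ -f "$dir/jssecacerts" ] || cp "$dir/cacerts" "$dir/jssecacerts"
    "$JAVA_HOME/bin/keytool" -import -noprompt -alias sharepoint \
        -keystore "$dir/jssecacerts" -storepass changeit -file "$1"
}

# Runs only when given both arguments: sh import.sh /tmp/sharepoint.cer "AB:CD:..."
if [ "$#" -eq 2 ]; then
    import_sharepoint_cert "$1" "$2"
fi
```

Restart Confluence after the import so the JVM reloads its trust store.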
The final step is to configure your Confluence server to communicate via the new URL you have set up.