If you have usernames containing (German) Umlauts in Confluence or Jira authenticated by Active Directory, the automatic Single Sign On with Kantega’s SSO plugin won’t work by default.
Manual login with username and password will work as expected.
Cause of Problem
The Java Kerberos Library does not allow non UTF-8 characters (= Windows coded Umlauts) by default. Windows uses non UTF-8 encoding for Umlauts in usernames. 😞
Solution
Non UTF-8 special characters must be enabled explicitly by adding the parameter “-Dsun.security.krb5.msinterop.kstring=true” to the (Tomcat) startup script.
Configuration Example
This applies to Atlassian’s server and data-center product family.
- Locate the startup script for your product.
It’s usualy below the base directory inin/setenv.sh. - Add a line like
before export
CATALINA_OPTS="-Dsun.security.krb5.msinterop.kstring=true ${CATALINA_OPTS}"CATALINA_OPTS. - And restart your Atlassian application.
Related external links
- Kantega vendor page in the Atlassian Marketplace
Currently the plugin is available for …- Confluence
- JIRA
- Bitbucket
- Bamboo
- Crucible
- Kantega Support FAQ for this plugins