Restricting access by subnet and username

Integrated Windows Authentication for Confluence Authenticator supports greylisting of networks where SSO is offered and greylisting of users for whom SSO is accepted.

The following files should be placed in TOMCAT_HOME/kerberos/. All these files must be readable by the Tomcat Java process.

subnet-whitelist

You can define networks (CIDR blocks) where SSO is enabled. If this file is empty or not present, SSO is whitelisted everywhere. Explicitly configuring the networks in which you want SSO enabled is a reasonable place to start when using the Enterprise features.

Example:

192.168.0.0/24
192.168.6.0/24

subnet-blacklist

You can define networks (CIDR blocks) where SSO is disabled. If this file is empty or not present, SSO is not blacklisted anywhere.

Example:

192.168.0.1/32

username-whitelist

With Java regular expressions you can define users for whom SSO is accepted. If this file is empty or not present, SSO is whitelisted for all users.

Example:

^.+$

username-blacklist

With Java regular expressions you can define users for whom SSO is not accepted. If this file is empty or not present, SSO is not blacklisted for any users.

Example:

adminuser
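
To check a set of list files before deploying them, the following added example (not the plugin's own code) evaluates the four files for a given client address and username. It assumes that a blacklist entry overrides a whitelist entry, that both checks can be combined into one decision, and it uses Python's `re` in place of Java's regex engine; the page does not say whether a pattern must match the whole username or only part of it, so the hypothetical `full_match` parameter shows both.

```python
import ipaddress
import re

def parse_lines(text):
    """Return the non-empty lines of a list file's content."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def ip_in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    # strict=True raises on entries with host bits set, e.g. 192.168.0.1/24
    return any(addr in ipaddress.ip_network(c, strict=True) for c in cidrs)

def user_in_any(username, patterns, full_match=True):
    # Assumption: matching mode is unknown, so both are offered for comparison.
    match = re.fullmatch if full_match else re.search
    return any(match(p, username) for p in patterns)

def sso_offered(ip, username, files, full_match=True):
    """files maps the four file names to their text ('' or missing if absent)."""
    sw = parse_lines(files.get("subnet-whitelist", ""))
    sb = parse_lines(files.get("subnet-blacklist", ""))
    uw = parse_lines(files.get("username-whitelist", ""))
    ub = parse_lines(files.get("username-blacklist", ""))
    # Empty or missing whitelist means "allowed everywhere / for everyone".
    # Assumption: a blacklist hit overrides a whitelist hit.
    net_ok = (not sw or ip_in_any(ip, sw)) and not ip_in_any(ip, sb)
    user_ok = ((not uw or user_in_any(username, uw, full_match))
               and not user_in_any(username, ub, full_match))
    return net_ok and user_ok

# Constructed sample: the example entries shown on this page.
SAMPLE = {
    "subnet-whitelist": "192.168.0.0/24\n192.168.6.0/24\n",
    "subnet-blacklist": "192.168.0.1/32\n",
    "username-whitelist": "^.+$\n",
    "username-blacklist": "adminuser\n",
}

if __name__ == "__main__":
    cases = [("192.168.0.20", "jdoe"), ("192.168.0.1", "jdoe"),
             ("10.0.0.5", "jdoe"), ("192.168.6.9", "adminuser"),
             ("192.168.6.9", "adminuser2")]
    for ip, user in cases:
        print(ip, user, "full:", sso_offered(ip, user, SAMPLE),
              "partial:", sso_offered(ip, user, SAMPLE, full_match=False))
```

The last case differs between the two modes: an unanchored `adminuser` pattern also covers `adminuser2` under partial matching, so writing blacklist patterns as `^adminuser$` gives the same result either way.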