Integrated Windows Authentication for Confluence Authenticator supports greylisting of networks where SSO is offered and greylisting of users for whom SSO is accepted.
The following files should be placed in TOMCAT_HOME/kerberos/. All these files must be readable by the Tomcat java process.
You can define networks (CIDR blocks) where SSO is enabled. If this file is empty or not present SSO is whitelisted everywhere. Configuring the networks explicitly you wish SSO to be enabled in is a reasonable place to start using the Enterprise features.
Example:
192.168.0.0/24 192.168.6.0/24 |
You can define networks (CIDR blocks) where SSO is disabled. If this file is empty or not present SSO is not blacklisted anywhere.
Example:
192.168.0.1/32 |
With java regexps you can define users for whom SSO is accepted. If this file is empty or not present SSO is whitelisted for all users.
Example:
^.+$ |
With java regexps you can define define users for whom SSO is not accepted. If this file is empty or not present SSO is not blacklisted for any users.
Example:
adminuser |