Page tree

Upgrading to Jira 8? - Important notice: https://docs.kantega.no/pages/viewpage.action?pageId=57278555





Skip to end of metadata
Go to start of metadata

Requirements

Internet Explorer requires the user to be logged into the computer with a domain account. IE will only send Kerberos tickets to sites which are in the Local Intranet Security Zone.

Edge and Google Chrome will also allow Kerberos to sites in the Local Intranet Zone.

Manual configuration and inspection

For testing purposes, you might be able to configure Zone settings locally in Internet Explorer. 

Go to Tools / Internet Options / Security / Local Intranet / Sites / Advanced

However, in most organizations, the zone assignment is done centrally through the use of Group Policy Objects. 

Ensure "Display company intranet sites in compatibility view" is disabled for IE. Jira/Confluence will not work properly in compatibility mode. See the following for further details.


Group Policy configuration

In this example we create a new policy to hold the settings. 

Create the new Group Policy and edit it after creation

Setting appropriate values

Right clicking and select Edit your Policy (see screenshot below):


In Group Policy Management Editor that comes up, navigate to:

Computer Configuration / Policies  / Administrative Templates / Windows Components  / Internet Explorer / Internet Control Panel / Security Page / Site to Zone Assignment List. 

And press "Show" button on the left to edit list.

Place the site host from the URL (e.g. issues.example.com) in zone 1, Intranet Zone.

The address can be specified with a wildcard (*.example.com), or with a FQDN (issues.example.com)

Chrome has been known to interpret wildcard and FQDN differently in some cases. If Kerberos does not work with Chrome, try adding FQDN of the server URL to zone 1

Verifying the settings in Group Policy Management

Choose the newly created policy and Settings to the right. Verify that the Site to Zone Assignment List is correct.

If the settings is applied to Computer Configuration, the policy must be placed on an OU with computers or placed so that the policy is inherited.

If the settings is applied to User Configuration, the policy must be placed on an OU with users or placed so that the policy is inherited.

 

 

Verifying the settings on the client 

Navigate to Internet Options - Security - Local Intranet - Sites - Advanced 

Verify that the settings from Group Policy are applied.


Verifying wheter the site has been added to Local Intranet Zone can also be checked by access ing https://issues.example.com and checking the Zone value.





  • No labels