Client JavaScript Rendering
The Confluence Page web part has SSO code to render client script to the browser. This is done in the Web part's CreateChildControls overload. The code checks to see if the Microsoft SSO service has been configured for the "Confluence" application. If it's been configured, it uses the built-in SSO provider to reserve a credential ticket. This ticket is a generated string token that can be used later to retrieve a user's credentials.

This code in Listing 1 renders the JavaScript in Listing 2 to the browser. Most if it is in the SsoClientScriptFormatted constant, with the exception of the SSO ticket.

The call to createXMLHttpRequest is called as the browser is rendering one of the Confluence Web parts. This call sets up the xmlHTTP object appropriate to the browser (Internet Explorer 6/7, Firefox, etc.). The next call to getCredentials makes a separate HTTP request to ConfluenceSettings.aspx to redeem the ticket/token that was originally sent to the browser. Once the call to ConfluenceSettings.aspx returns, another request is sent to Confluence with the specific user's credentials. This establishes a session (and authenticates the user) between Confluence and the user's browser session.

Confluence Page Request
For the Confluence Page Web part to render the Confluence page content, the Web part must request the data from Confluence using the SSO credentials. This is done in the OnPreRender overload of the Web part as shown in Listing 3.

This code checks to determine if SSO credentials have been stored for the current user. If they haven't been, the call to GetConfluecePage will throw an exception. This exception will be handled by the SingleSignonException handler that provides a link so the end user can provide SSO credentials.

SSO Settings and Authentication Ticket Verification Code
The ConfluenceSettings.aspx page has been set up to respond with a Confluence login URL if a particular query string is provided with an appropriate token. This is used by the JavaScript emitted in Listing 2.

In Listing 4 we show snippets of the OnLoad method for the page. This method pulls the credentials for the current user with a call to the GetCredentials method. A separate call is made to GetCredentialsUsingTicket. If both the username/password match from the credentials returned from both calls, then the credentials are returned to the browser through the JavaScript request.

The call to GetCredentialsUsingTicket is executed with elevated privileges as shown Listing 4. This had to be done because the call requires SSO administrative-level privileges. It also requires the SSO Administrative account to be a site collection administrator.

Summary
In Part 1 of this article we covered the primary points of content embedding. In Part 2 we covered integrated search and single sign-on. Unfortunately we weren't able to cover some other aspects of this project, such as how we deployed the SharePoint Connector for Confluence into two SharePoint features and provided a MSI for installation. Nor did we get into our agile process for working with the Atlassian team on the other side of the U.S., not to mention its development team in Australia - that resulted in a couple of late nights!

We would like to thank Lawrence Liu and Deb Bannon of Microsoft for introducing ThreeWill to Atlassian. We would also like to thank Jonathan Nolen of Atlassian for managing the requirements and giving guidance as well as Brendan Patterson who wrote the Confluence plug-in for SharePoint.

Resources

1. Confluence: www.atlassian.com/software/confluence/
2. SharePoint Connector for Confluence features: /www.atlassian.com/sharepoint/features.jsp
3. SharePoint Connector for Confluence homepage: http://confluence.atlassian.com/display/CONFEXT/SharePoint+Connector+for+Confluence
4. Protocol Handlers: http://msdn2.microsoft.com/en-us/library/ms917418.aspx
5. Crawling forms-based authentication web sites: http://support.microsoft.com/kb/934577
6. Access Control List: http://en.wikipedia.org/wiki/Access_control_list
7. Custom security trimmer: http://msdn2.microsoft.com/en-us/library/aa981236.aspx
8. Register a security trimmer programmatically: http://blogs.threewill.com/implementingsharepoint/Lists/Posts/Post.aspx?ID=22
9. Start the SSO service: http://technet2.microsoft.com/Office/en-us/library/ 34d6aeca-2a18-4416-8824-85d709d1b0da1033.mspx?mfr=true
10. Manage settings for SSO: http://technet2.microsoft.com/Office/en-us/library/ cd4f4a25-e393-4e1b-9c26-a0bed175d3a21033.mspx?pf=true
11. SharePoint 2007 Single Sign-on Setup Blog: http://www.sharepointblogs.com/llowevad/archive/ 2007/06/25/sharepoint-2007-single-sign-on-setup.aspx.

About Atlassian
Atlassian develops affordable lightweight software that helps enterprises collaborate better. Its products include Confluence, widely recognized as the most advanced enterprise wiki, and JIRA, one of the world's most popular issue trackers for IT project management. The company has more than 9,000 customers worldwide, including 30 of the world's top 50 corporations. See www.atlassian.com.