Instant User-Agent parsing

  1. In the EasySSO config screen go to the User-Agent Filtering Configuration tab (via NTLM/Kerberos and Advanced Configuration in EasySSO 4.0+)
  2. When you add a user-agent string into "Instant User-Agent parsing" and click parse, the result returned can be copy/pasted into either the include or exclude rules.

 

How to whitelist a certain type of client browser

Under User-Agent rules, specify each whitelist rule in the following format:

Device Type, OS Family, OS, Browser Type, Browser Family, Browser 

For example:  

Please note, an empty element in the rule will match anything i.e. a whitelist rule with an empty element is more "lax" than one with a specific value.

For example:  

Multiple rules can be specified, one on each line. Empty lines will be ignored.

Lines starting with "#" are considered to be comments - you can use these to record justification notes about whitelisting a browser.

Once a rule is added to whitelist, only those browsers that match the rule will be requested to attempt NTLM/Kerberos Single Sign-On.

Whitelist takes precedence over the blacklist.

If there are no rules entered here or in the blacklist - any browser will be requested to attempt NTLM/Kerberos Single Sign-On.

How to blacklist a certain type of client browser

Under User-Agent Excluded Rules, specify each blacklist rule in the same format:

Device Type, OS Family, OS, Browser Type, Browser Family, Browser 

For example:  

Please note, an empty element in the rule will match anything i.e. a blacklist rule with an empty element is more "broad" than one with a specific value.

For example:  

Multiple rules can be specified, one on each line. Empty lines will be ignored.

Lines starting with "#" are considered to be comments - you can use these to record justification notes about blacklisting a browser

Once a rule is added to blacklist, the browsers that match the rule will not requested to attempt NTLM/Kerberos Single Sign-On.

Whitelist takes precedence over the blacklist.

If there are no rules entered here or in the whitelist - any browser will be requested to attempt NTLM/Kerberos Single Sign-On.

A word about using User-Agent filtering with Application Links

When building links between Atlassian applications NTLMv2 or Kerberos is not supported and as such EasySSO on the "server" end needs to be instructed to ignore the "client" application.
If the "client" application has EasySSO as well, it needs to be configured in a similar way (i.e. to ignore the other one). This can be achieved either with IP Filtering or, more elegantly, with User-Agent Filtering.
For that just insert the exact syntax of the lines below into the User-Agent Excluded rules (i.e. blacklist):

 

 

 

EasySSO articles


Purchase from the Atlassian Marketplace

EasySSO for JIRA, Confluence, Bamboo, Bitbucket and Fisheye/Crucible

Purchase