User agent string parsing is useful if you want to:

  1. automatically authenticate users only within a set of browsers or devices, or exclude known non-working ones
  2. allow other applications that don't support NTLM/Kerberos authentication, to proceed without NTLM/Kerberos authentication. 

In the case of our first example you might want to limit Single Sign-On to pre-approved platforms/browsers, for example to ensure safety compliance e.g treat users with Windows Phone differently from those with iOS or Android devices.

In the case of the second example, proceeding without NTLM/Kerberos authentication, you might want to let search bots access your application without failing to perform SSO. See the example below.

Example: Google Search Appliance

You may observe the following User-Agent string in your access log or jespa.log:

You can copy/paste and use User-Agent Instant Parsing feature in User-Agent Filtering Configuration tab to convert this value into the EasySSO User-Agent rule format:

This can the be added as a blacklist rule as is or used as a basis to build a more relaxed/compact rule. Empty elements in a rule will match any value, so the sample rule shown below blacklists anything that is classified as browser type "ROBOT" and browser family "BOT", while ignoring device, os family, os version and browser version attributes.

The result is that NTLM/Kerberos authentication will not be demanded from GSA, and the bot will be able to proceed without SSO.

A word about using User-Agent filtering with Application Links

When building links between Atlassian applications NTLMv2 or Kerberos is not supported and as such EasySSO on the "server" end needs to be instructed to ignore the "client" application.
If the "client" application has EasySSO as well, it needs to be configured in a similar way (i.e. to ignore the other one). This can be achieved either with IP Filtering or, more elegantly, with User-Agent Filtering.
For that just insert the exact syntax of the lines below into the User-Agent Excluded rules (i.e. blacklist):



EasySSO articles

Purchase from the Atlassian Marketplace

EasySSO for JIRA, Confluence, Bamboo, Bitbucket and Fisheye/Crucible