Additional Configuration for Java 17

With Java 17 now bundled in Confluence 8.3.x, Jira 9.5+, Bitbucket 8.8+, additional configuration is required for EasySSO DNS-related code to work in NTLM and Kerberos authenticators.

We are investigating options with Atlassian and IOPLEX Jespa to have EasySSO work out of the box, but for now, the following workaround must be applied.

Three values need to be added to the JVM startup parameters. See Configuring System Properties for how to do it.

-Datlassian.org.osgi.framework.bootdelegation.extra=com.sun.security.auth.*
--add-exports=java.base/sun.net.dns=ALL-UNNAMED 
--add-exports=java.base/sun.security.jca=ALL-UNNAMED
--add-exports=java.base/sun.net=ALL-UNNAMED

For Windows Service, please separate these (the example below is for Confluence):

Add to Java Options:

-Datlassian.org.osgi.framework.bootdelegation.extra=com.sun.security.auth.*

Add to Java 9 Options:

--add-exports=java.base/sun.net.dns=ALL-UNNAMED 
--add-exports=java.base/sun.security.jca=ALL-UNNAMED
--add-exports=java.base/sun.net=ALL-UNNAMED

Additional Configuration for Java 17

About us

More info

New Zealand Home Ideas Centre Level 2, 10 Hutt Road, Petone, Wellington PO Box 38906 WMC Box Lobby Lower Hutt 5045	Australia Co-Hort Innovation Space, 16 Nexus Way, Southport, QLD PO Box 1403, Macquarie Centre, North Ryde, NSW 2113
0800 TECHTIME +64 4 570 0048	1800 BE LAZY +61 7 3074 9404
support@techtime.co.nz	info@techtime-initiative.com.au