User agent restrictions

Owned by Steinar Line
Last updated: Sept 18, 2024
1 min read

Kerberos authentication can be limited to specific users, specific IP address ranges and/or User-Agents. See explanation on what it means that Kerberos challenges are restricted here: Client IP restrictions .

You may also restrict Kerberos from happening for a given User-Agent. This is relevant if you have some clients calling your Atlassian product that does not understand the Kerberos challenge Kantega Single Sign-on provides.

There is an already built-in list of known User Agents that is not Kerberos compatible. The functionality below lets you add your User-Agent restrictions to this list.

image-20240904-130453.png

 

 

Some user agents will not work if you give them a Kerberos challenge. Therefore, Kantega SSO has a built-in list of clients that will not work with Kerberos. This list is currently:

  • AtlassianCompanion

  • AtlassianMobileApp

  • Axis/

  • Bamboo-

  • BB10

  • Bitbucket-

  • BlackBerry

  • Confluence-

  • Confluence/

  • FishEye-

  • GoEdit

  • HttpClient

  • Java/

  • JIRA-

  • JIRA/

  • Monitoring Agent

If you have a client that uses one of the above user agents that wants to use Kerberos, easiest is if you have this client use another user agent value in its request.

If you want to add additional clients that should avoid Kerberos challenges you may add these to the list on the “User Agent Restrictions” page.