Internet Information Services (IIS)

Owned by Jon Espen Ingvaldsen (Unlicensed)
Last updated: Mar 05, 2021 by Steinar Line
2 min read

Please refer to Atlassian documentation on configuring IIS as a reverse proxy.

https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-microsoft-internet-information-services-iis-833931378.html

Also, you should navigate to the IP restrictions page in the Kerberos menu and set the correct way of seeing the correct IP:

Getting Kerberos to work on IIS

You should at least disable Windows Authentication for your site to allow Kerberos to work.

SAML: Redirection to identity provider fails with 404

If IIS is being used as a reverse proxy and you're getting 404 when trying to log in with SAML, IIS could be rewriting the identity provider redirect URL to point back to the Atlassian application. An example using ADFS, the browser is redirected to 

https://jira.example.com/adfs/ls/?SAMLRequest=rVLBcpswFPwV... 

instead of 

https://adfs.example.com/adfs/ls/?SAMLRequest=rVLBcpswFPwV...

If this is happening, check any Rewrite rules for IIS and ARR. Then ensure "Reverse rewrite host in response headers" is disabled: Select the IIS server, open the Application Request Routing Cache pane, then select Proxy Settings from the right menu.