Living a SharePoint life

Monday, November 28, 2022

Setup of Microsoft 365 Search Connector for Atlassian Confluence Data Center

Many companies use Confluence, so a lot of information lives in wiki pages that you would certainly also like to find via the Microsoft 365 search. Connecting the Search Connector to the Confluence cloud offering is not as difficult as connecting it to an on-prem installation. This post explains how the on-prem setup is done.

This post is

Preparation of the Confluence environment

Install Microsoft Graph Connector Agent

To include Confluence Data Center content in the Microsoft 365 Search Index, the Microsoft Graph Connector Agent must be installed on an on-prem server and registered in the tenant. Set up this server and the Graph Connector Agent first.

https://docs.microsoft.com/en-us/microsoftsearch/graph-connector-agent

Configure Confluence Application Link

With the OAuth1 method, the Connector logs in to Confluence as a REST service rather than as a user directly. This establishes a mutual trust relationship and secures it with certificates. Nevertheless, a service account is required in Confluence, since the service endpoint that is created is executed in the context of the service account. For this purpose, a corresponding service must be set up in the Confluence environment and linked to this service user. This connection is more secure than Basic Authentication and should therefore be used for production environments. If you have not yet created a service account in Confluence that exposes the data for the index, this should be the first step.

Create RSA public/private key pair

Microsoft's instructions refer to Atlassian's documentation for creating the key pairs. To create the keys, they reference openssl in a Unix environment. For this purpose, an already existing Linux environment can be used, for example, or the WSL under Windows.

In a terminal, run the following openssl commands. You can do this anywhere in your file system, but note that the files are created in the current directory.

# 1.    Generate a 1024-bit private key (the size used in the referenced instructions;
#       2048 bits is the usual recommended minimum for new RSA keys):
openssl genrsa -out confluence_privatekey.pem 1024
# 2.    Create a self-signed X509 certificate from that key, valid for 365 days:
openssl req -new -x509 -key confluence_privatekey.pem -out confluence_publickey.cer -days 365
# 3.    Extract the private key (PKCS8 format, unencrypted) to the confluence_privatekey.pcks8 file:
openssl pkcs8 -topk8 -nocrypt -in confluence_privatekey.pem -out confluence_privatekey.pcks8
# 4.    Extract the public key from the certificate to the confluence_publickey.pem file:
openssl x509 -pubkey -noout -in confluence_publickey.cer > confluence_publickey.pem

Creating the application link in Confluence

In order to access Confluence with OAuth, an application link must be set up. To do this, log in to Confluence with admin rights, click the gear wheel in the upper right corner and select General Configuration in the menu. In the left menu, look for the Administration section and click on the Application Links entry.

To create a new entry, enter a URL in the text field and click on the button Create new link. The URL you enter has no meaning for our configuration. You can enter, for example, https://www.office.com.

A window opens with the message: "No response was received from the URL you entered. It may not be valid. Please fix the URL below, if needed, and click Continue." Ignore the message and simply confirm your entry with the Continue button.

In the settings, define the name of your new application under Application Name. Under Application Type select Generic Application and make sure that the Create incoming link option is checked.

If you have selected everything, confirm the entries with the Continue button.

In the next step, enter the consumer key in the corresponding field and note it down, because it will be required when setting up the connector.

Define the name of the Linked Application in the Consumer Name field. Copy the key from the file confluence_publickey.pem into the field Public Key and confirm everything with the button Continue.

The key in the file confluence_publickey.pem is block formatted and contains line breaks. The field in which the key is entered must not contain line breaks. It is therefore necessary to reduce the string to one line in a text editor beforehand.

In Confluence Data Center version 7.4.11 there is an error in the configuration when creating a Linked Application. Some settings cannot be configured directly when creating a Linked Application and have to be entered afterwards.

Open the Linked Application you have just created by clicking on the pen icon in the right row in the Actions column. A window with the configuration of the Linked Application will open. Select Incoming Authentication in the left menu, scroll to the end and click on the Delete button to delete the configuration.

Enter the values for the fields Consumer Key, Consumer Name and Public Key again. Then activate the setting Allow 2-Legged OAuth. In the Execute as field, enter the Confluence service account that has sufficient rights to read all necessary pages. Activate the setting Allow user impersonation through 2-Legged OAuth and confirm everything with the Save button.

Connector setup

Selection

Use the connector that Microsoft offers in the Admin center. This is located under Settings > Search & Intelligence > Data Sources. Select Add here and select the connector Confluence - Connect to Confluence.

Set up the connector until you reach the dialog where you select the deployment mode.

Deployment mode

You can choose between Cloud and Server or Data center. In this case, the Confluence Server is installed on-prem, so we need the Server or Data center option.

  • Your Confluence instance URL
    Use only the domain name of the server without directories, for example https://wiki.domain.tld
  • Graph connector agent
    Select the name of the agent instance in the list, that is, the server that should be used to access Confluence.
  • Authentication type
    You can choose between Basic and OAuth1
    For production use, OAuth1 should be used.
  • Consumer Key
    Enter the string you chose as the Consumer Key when creating the application link.
  • Private Key
    The private key from the confluence_privatekey.pcks8 file is entered in the connector.
    The key in the confluence_privatekey.pcks8 file is block formatted and contains line breaks. The field in which the key is entered must not contain line breaks. It is therefore necessary to reduce the string to one line in a text editor beforehand.
  • Verification Code
    The Verification Code appears in a pop-up window after you have successfully logged in to Confluence with the Consumer and Private Key. Use the service account you created in Confluence to log in. Copy and paste the code from the window into the field and confirm with Finish Sign-In.
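
The one-line values needed for the Public Key field in Confluence and the Private Key field in the connector can also be produced in the shell, together with a check that the two files really belong to the same key pair. This is an added example, not part of the original post or of Microsoft's or Atlassian's instructions; the function names are hypothetical. It assumes openssl is on the PATH and that the fields accept the PEM text including its BEGIN/END lines once the line breaks are removed, which the post does not state either way.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical;
# the file names in the example call are the ones the post uses.

# Print a PEM file as a single line: remove LF and also CR, which appears
# when the file has been saved by a Windows editor.
flatten_pem() {
    tr -d '\r\n' < "$1"
}

# usage: keys_match PRIVATE_KEY_FILE PUBLIC_KEY_FILE
# Succeeds only if the public key file is the public half of the private key.
# The public key is re-derived from the private key and compared as text, so a
# mixed-up pair is caught before it surfaces as a failed sign-in in the wizard.
keys_match() (
    derived=$(openssl pkey -in "$1" -pubout 2>/dev/null | tr -d '\r\n')
    given=$(flatten_pem "$2")
    # An empty result means openssl could not read the private key.
    [ -n "$derived" ] && [ "$derived" = "$given" ]
)

# usage: write_field_values PRIVATE_KEY_FILE PUBLIC_KEY_FILE
# Writes FILE.oneline next to each input, readable by the owner only,
# because one of them contains the unencrypted private key.
write_field_values() (
    keys_match "$1" "$2" || { echo "key pair mismatch" >&2; exit 1; }
    umask 077
    flatten_pem "$1" > "$1.oneline"
    flatten_pem "$2" > "$2.oneline"
)

# Example call, run in the directory that holds the generated files:
#   write_field_values confluence_privatekey.pcks8 confluence_publickey.pem
```

Delete the private key's .oneline copy once the value has been pasted into the connector.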

The remaining steps

Test the connection between the connector and the Confluence server. If everything works, you can complete the remaining steps of the connector setup. Have fun browsing the wiki pages.
