Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-21692

Security configuration cannot be updated using custom authenticator or password.confirmation.disabled

    XMLWordPrintable

Details

    Description

      There are several ways to configure Confluence so that web-sudo (password-confirmation for admin options) is not available at all. See CONF-20958. In 3.4 (maybe 3.3 too) setting any of these options prevents saving the security configuration.

      When an admin tries to change the security configuration, they are always returned to the edit screen, and are given no feedback.

      There is a bug in the security config validation where it checks for valid values of the websudo options, even though none are submitted from the form and none are used.

      The worst part of this bug is that the validation is a field error, which would usually be displayed underneath the field with the error. Since the field is not displayed at all in this case, there is no feedback to the user about the validation problem at all.

      Attachments

        Activity

          People

            don.willis@atlassian.com Don Willis
            don.willis@atlassian.com Don Willis
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: