Uploaded image for project: 'Confluence Server'
  1. Confluence Server
  2. CONFSERVER-23957

Confluence SSO authenticator class does not copy users on login



    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 3.5, 3.5.13, 4.1, 5.1.3
    • Fix Version/s: 5.10.5
    • Component/s: None
    • Labels:


      If you connect Confluence 3.5+ to Crowd using the connector, and Crowd is backing Confluence with a delegated LDAP directory, a user that is not in the directory will always fail their first login and will not be able to authenticate until the connector syncs.

      Tested in:
      Confluence 3.5.13
      Crowd 2.2.7
      Delegated LDAP Directory pointing to Apache DS
      Delegated LDAP Directory pointing to MSAD

      User jsmith exists in LDAP, but not yet in Crowd. User attempts to login to Confluence. The user it told that their username or password is incorrect. On the Crowd side, the user will be added to the directory successfully, but will continue to fail auth in Confluence until the directory sync with Crowd occurs.

      This only happens when using the com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator class. If you are using the default Confluence authenticator class in your serap-config.xml, it works as expected. The user jsmith will attempt to login to Confluence and will be added to Crowd and Confluence.


          Issue Links



              • Votes:
                43 Vote for this issue
                31 Start watching this issue


                • Created:
                  Last commented:
                  2 years, 40 weeks, 6 days ago