[CONFSERVER-20958] Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 3.4
Affects Version/s: 3.3, 3.4
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

When user is required to confirm the password, Confluence always checks the entered password against the internally stored user/password. If an instance is configured to use custom authentication which is different from atlassian-user, the password validation will fail.

Resolution

This is fixed in Confluence 3.4 and later versions. We check if the Confluence instance is configured to use a non-default seraph authenticator and automatically disable the functionality that relies on password confirmation:

web sudo
captcha
password confirmation on email change

To overwrite this behavior use password.confirmation.disabled flag. If you set this flag to false than even if you have a custom authenticator, password confirmation will still work as configured and will try to validate the password against the user managment configured through atlassian-user.xml.

Note that web sudo and other password confirmation screens should probably be disabled if you use an SSO authenticator. Confluence is typically not able to verify a user's password, so we recommend using some other mechanisms for your administrative security.

is related to

CONFSERVER-21855 AD/Crowd authenticated administrators using Confluence-controlled password (not the AD one)

Closed

relates to

CONFSERVER-22421 websudo does not work with Confluence when it's integrated with Crowd SSO

Closed

was cloned as

CONFSERVER-22875 Support web sudo and other password confirmation features with custom authenticators

Closed

Form Name

Katherine Yabut made changes - 13/Nov/2018 4:45 AM

Workflow

Original: JAC Bug Workflow v3 [ 2898588 ]

New: CONFSERVER Bug Workflow v4 [ 2993184 ]

Owen made changes - 11/Oct/2018 9:05 AM

Workflow	Original: JAC Bug Workflow v2 [ 2791038 ]	New: JAC Bug Workflow v3 [ 2898588 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:16 PM

Workflow

Original: JAC Bug Workflow [ 2721140 ]

New: JAC Bug Workflow v2 [ 2791038 ]

Owen made changes - 02/Jul/2018 6:57 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2400089 ]

New: JAC Bug Workflow [ 2721140 ]

Katherine Yabut made changes - 22/Jun/2017 6:53 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2299299 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2400089 ]

Katherine Yabut made changes - 31/May/2017 5:40 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2233825 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2299299 ]

Katherine Yabut made changes - 31/May/2017 5:00 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2195504 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2233825 ]

Katherine Yabut made changes - 31/May/2017 2:05 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1921128 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2195504 ]

Katherine Yabut made changes - 03/Apr/2017 3:57 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v3 [ 1724615 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 1921128 ]

Katherine Yabut made changes - 28/Feb/2017 6:33 AM

Workflow

Original: CONF Bug Subtask WF (TEMP) [ 1673118 ]

New: Confluence Workflow - Public Facing - Restricted v3 [ 1724615 ]

Assignee:: Unassigned

Reporter:: Anatoli

Affected customers:: 3 This affects my team

Watchers:: 8 Start watching this issue

Created:: 05/Oct/2010 12:52 AM

Updated:: 11/Oct/2018 9:05 AM

Resolved:: 19/Apr/2011 1:03 AM

Details

Description

Resolution

Attachments

Issue Links

Forms

Activity

People

Dates