Details
- Type: Suggestion
- Resolution: Answered
Description
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.
By default, web sudo and other password confirmation features in Confluence 3.5 and later are disabled if a custom authenticator is detected. However, there is an override flag that was added as part of CONF-20958 that allows administrators to turn it on again.
If it is turned on manually, in most cases it won't work properly. When a user is required to confirm their password, Confluence always checks the entered password against the user/password it stores internally. If the instance is configured to use a custom authenticator other than atlassian-user, the password validation will therefore fail.
Technical notes
The reason behind this is that Seraph's Authenticator interface has no public authenticate(String username, String password) method that could be used to determine whether a user's password is valid, so Confluence falls back to its internal user management system.
We could potentially use Authenticator.login(), but that has a number of side-effects in the Confluence code, including logging out the user if the web sudo authentication fails. That would not be desirable.
Given the difficulty of changing Seraph's primary interface and updating all the implementations, this is unlikely to be an easy issue to resolve.
Issue Links
- incorporates: CONFSERVER-20365 Enable Web Sudo to work with other single-sign-on solutions (Closed)
- is cloned from: CONFSERVER-20958 Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication (Closed)
- is related to: CONFSERVER-21855 AD/Crowd authenticated administrators using Confluence-controlled password (not the AD one) (Closed)
- relates to: CONFSERVER-22421 websudo does not work with Confluence when it's integrated with Crowd SSO (Closed)
- CONFCLOUD-22875 Support web sudo and other password confirmation features with custom authenticators (Closed)