• 66
    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      When using JIT provisioning in Confluence Data Center, you can't access Confluence Administration because the websudo form gives a wrong credentials error.

      Suggested Solution

      I am requesting an enhancement to allow websudo to work with SAML setup as well as to allow websudo to work with other marketplace SAML plugins.

      Workaround

      There are two possible workarounds to access Confluence Administration:

      • Disable the secure sessions, removing the websudo form. As a side-effect, you can go straight into administration functions without confirmation that you should. This poses a security risk.
      • Set a new password for the user that was created with JIT provisioning: JIT provisioning creates a user in Confluence Internal Directory and you can define a password for this user. As a side-effect, an administrator will have 2 passwords - the IdP password to log in Confluence and the Internal password to authenticate in secure-sessions.

            [CONFSERVER-60263] Ability to have the Websudo functionality working with SAML / SSO

            It is a shame that this problem has not been fixed for 4 years. You should actually be able to claim recourse for this.

            Ronny Elflein added a comment - It is a shame that this problem has not been fixed for 4 years. You should actually be able to claim recourse for this.

            This is not a feature - it is a bug and should be listed as such, just as it is a bug with Jira and should also be with Bitbucket.

            Rick Carini added a comment - This is not a feature - it is a bug and should be listed as such, just as it is a bug with Jira and should also be with Bitbucket.

            +1 Yes please.

            Benjamin Ryan added a comment - +1 Yes please.

            Seems like an obvious, high-priority need - you implement the websudo to increase security, then you make it implausible to use because the JIT/SAML doesn't really work for this use case.

            Blake Duffey added a comment - Seems like an obvious, high-priority need - you implement the websudo to increase security, then you make it implausible to use because the JIT/SAML doesn't really work for this use case.

            Erik Liu added a comment -

            This feature must have

            Erik Liu added a comment - This feature must have

            We had also to disable secure administration access, and we don't really feel having two passwords is a convenient thing. 

            This feature would be interesting for us as well

            Pierre Fortes added a comment - We had also to disable secure administration access, and we don't really feel having two passwords is a convenient thing.  This feature would be interesting for us as well

            I'd like to ask if anyone else has the same situation as us: I don't use any of these workarounds, because one day, out of desperation, I tried just redoing it and found out that it works the second time

            Here's the steps I follow:

            When we need to get admin access on our instance, we get a re-authenticate request, which opens a second window to log in, as normal.

            However, when we log in and the window says SAML login has been successful, we THEN get an error message saying that websudo has failed. The specific message is just "Sending Confirmation Failed".

            AFTER the error message shows up, I close the popup, so all that is on screen is the original window still spinning on the reauthenticate attempt. Then I refresh the window, using F5 or Ctrl-R, press the Re-Authenticate button, go through the process one more time, but this second time, and ONLY this second time, it now works. It is a very strange behaviour

             

            Does this happen to anyone else? 

            Abilio Carvalho added a comment - I'd like to ask if anyone else has the same situation as us: I don't use any of these workarounds, because one day, out of desperation, I tried just redoing it and found out that it works the second time .  Here's the steps I follow: When we need to get admin access on our instance, we get a re-authenticate request, which opens a second window to log in, as normal. However, when we log in and the window says SAML login has been successful, we THEN get an error message saying that websudo has failed. The specific message is just "Sending Confirmation Failed". AFTER the error message shows up, I close the popup, so all that is on screen is the original window still spinning on the reauthenticate attempt. Then I refresh the window, using F5 or Ctrl-R, press the Re-Authenticate button, go through the process one more time, but this second time, and ONLY this second time, it now works. It is a very strange behaviour   Does this happen to anyone else? 

            This is must have

            Dmitrijs Kozlovs added a comment - This is must have

              Unassigned Unassigned
              lfaganello@atlassian.com Leonardo Faganello (Inactive)
              Votes:
              98 Vote for this issue
              Watchers:
              64 Start watching this issue

                Created:
                Updated: