SAML Single Sign on URL redirection in loop issue for non-authorized pages

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Affects Version/s: 7.13.4, 7.13.7
    • Severity 3 - Minor

      Issue Summary

      We are facing an issue when a user has a bookmarked page (a Confluence admin page, e.g. https://<confluence-base-url>/admin) and tries to open the bookmarked URL directly: the browser is redirected back and forth between the sign-on URL and the Confluence URL. This redirection keeps going in a loop. The only way out of it is to close the browser.

      Use Case: Admin users sometimes need to sign in with a non-admin user account for test purposes. Eventually, an admin page may be accessed by mistake, resulting in a loop that is resolved only by closing the browser.

      Steps to Reproduce

      • SAML enabled:
        • We used Okta and SSO 2.0 on Confluence
        • Confluence Internal Directory
      • Bookmark a URL from the admin secure section, for instance the generic admin landing page at https://<confluence base URL>/admin
      • Open a new incognito browser window and sign in as a non-admin user
      • Copy and paste the URL bookmarked above

      Expected Results

      • Permission denied error message, landing at the user dashboard page
        or
      • Permission denied error message, landing at the login page with the URL cleaned

      Actual Results

      • There is a redirection between the sign-on URL and the Confluence URL. This redirection keeps going in a loop.

      Workaround

      • Close the browser to interrupt the loop
      • Edit the bookmark, removing the restricted page

            Assignee:
            Unassigned
            Reporter:
            Pascal Oberle
            Votes:
            1
            Watchers:
            5

              Created:
              Updated: