CONFSERVER-83369 (Confluence Data Center)

Companion App fails to connect to Confluence with HTTP 401

    Description

      Problem

      When a non-default authenticator is configured in Confluence, attempting to edit an attachment stored on a Confluence page fails, and the Companion App logs show "Unexpected response status code 401".

      Environment

      • Confluence v7.19.7
        • A non-default authenticator is configured in <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
      • Companion App v1.4.4

      Steps to Reproduce

      One example when a non-default authenticator is used is Confluence/Crowd SSO integration.

      1. Configure Confluence to use Crowd SSO as described in Enable SSO integration with Crowd (Optional)
      2. Create a Confluence page and attach a .txt document
        • Preview the text document in Confluence
        • Attempt to Edit the text document on the Confluence page (which would typically open the text file through the Companion App)

      Expected Results

      Confluence communicates with the Companion App, which opens the text document with the OS-associated application (e.g. Notepad or TextEdit).

      Actual Results

      Nothing happens: the OS-associated application does not open the document.

      The Companion App logs show "Unexpected response status code 401":

      info:   adc:serverauth 2023-05-09T15:19:19.986Z Found trusted domain in database: www.myconfluence.com
      error:  adc:ServerFacade 2023-05-09T15:19:20.865Z Could not get temp link information:
      error:  adc:ServerFacade 2023-05-09T15:19:20.866Z UnexpectedStatusError: Unexpected response status code 401 from www.myconfluence.com
          at u.expect (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:26288)
          at processTicksAndRejections (internal/process/task_queues.js:93:5)
          at async h (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:20817)
          at async t._fn (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:8:1326947)
      error:  adc:ServerFacade 2023-05-09T15:19:20.866Z UnexpectedStatusError: Unexpected response status code 401 from www.myconfluence.com
          at u.expect (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:26288)
          at processTicksAndRejections (internal/process/task_queues.js:93:5)
          at async h (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:20817)
          at async t._fn (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:8:1326947)
      info:   adc:ErrorHandler -  2023-05-09T15:19:20.866Z Unable to JSON parse and extract response error responseText:  undefined
      error:  adc:ProtocolHandler 2023-05-09T15:19:20.867Z Error parsing protocol link
      error:  adc:ProtocolHandler 2023-05-09T15:19:20.867Z UnexpectedStatusError: Unexpected response status code 401 from www.myconfluence.com
          at u.expect (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:26288)
          at processTicksAndRejections (internal/process/task_queues.js:93:5)
          at async h (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:20817)
          at async t._fn (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:8:1326947)
      error:  adc:ProtocolHandler 2023-05-09T15:19:20.867Z UnexpectedStatusError: Unexpected response status code 401 from www.myconfluence.com
          at u.expect (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:26288)
          at processTicksAndRejections (internal/process/task_queues.js:93:5)
          at async h (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:2:20817)
          at async t._fn (/Applications/Atlassian Companion.app/Contents/Resources/app.asar/.webpack/main/index.js:8:1326947)
      

      The Confluence Tomcat access logs show "HTTP/1.1 401" for the "/rest/token-auth/api/previews/templinksresource/companion/attachment" endpoint:

      [19/May/2023:10:21:20 +1000] - http-nio-21315-exec-10 0:0:0:0:0:0:0:1 GET /rest/token-auth/api/previews/templinksresource/companion/attachment?attachmentId=983043&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1N....i8fU66SKg-d2dpycQcXY7tVlclw_rA HTTP/1.1 401 30ms 148 - Mozilla/5.0 (Macintosh; Intel Mac OS X 12_6_5) AppleWebKit/537.36 (KHTML, like Gecko) AtlassianCompanion/1.4.4 Chrome/80.0.3987.163 Electron/8.5.5 Safari/537.36
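
Added example (not part of the original report or Atlassian's tooling): a Python filter for the access log layout shown above that picks out 401 responses to Companion requests on this endpoint and redacts the `jwt` query value before the lines are shared. The field layout is inferred from the single line on this page, and the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/rest/token-auth/api/previews/templinksresource/companion/attachment"

# Layout inferred from the access log line on this page:
# [time] user thread client-ip METHOD url protocol status <n>ms bytes referer user-agent
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \S+ \S+ (?P<ip>\S+) [A-Z]+ (?P<url>\S+) "
    r"HTTP/\d\.\d (?P<status>\d{3}) \d+ms \S+ \S+ (?P<agent>.*)$"
)

def find_companion_401s(lines):
    """Return one dict per Companion request to ENDPOINT answered with 401."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "401":
            continue
        parts = urlsplit(m["url"])
        app = re.search(r"AtlassianCompanion/(\S+)", m["agent"])
        # endswith() tolerates a context path such as /confluence in front.
        if not parts.path.endswith(ENDPOINT) or not app:
            continue
        hits.append({
            "time": m["ts"],
            "client": m["ip"],
            "attachment_id": parse_qs(parts.query).get("attachmentId", [None])[0],
            "companion_version": app.group(1),
            # Keep the token out of anything copied into a ticket.
            "url": re.sub(r"(jwt=)[^&]+", r"\1<redacted>", m["url"]),
        })
    return hits

# Constructed sample lines in the same layout; token values are placeholders.
_HEAD = "[19/May/2023:10:21:20 +1000] - http-nio-8090-exec-1 0:0:0:0:0:0:0:1 GET "
_TAIL = " - Mozilla/5.0 (Macintosh) AtlassianCompanion/1.4.4 Electron/8.5.5"
SAMPLE = [
    _HEAD + ENDPOINT + "?attachmentId=983043&jwt=PLACEHOLDER.TOKEN HTTP/1.1 401 30ms 148" + _TAIL,
    _HEAD + ENDPOINT + "?attachmentId=983044&jwt=PLACEHOLDER.TOKEN HTTP/1.1 200 41ms 512" + _TAIL,
    _HEAD + "/rest/api/content/1 HTTP/1.1 401 5ms 90 - Mozilla/5.0 (X11) Firefox/113.0",
]

if __name__ == "__main__":
    for hit in find_companion_401s(SAMPLE):
        print(hit)
```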
      

      Workaround

      Workaround 1 (when using Crowd SSO) - Disable Crowd SSO

      1. Back up <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
      2. Edit <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
        • Revert to the default Confluence authenticator
          Make sure this is enabled
              <!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
              <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
          
          Make sure this is commented out
              <!-- Authenticator with support for Crowd single-sign on (SSO). -->
              <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
          
      3. Restart Confluence (on each node)
      4. Confluence/Crowd SSO will no longer be active, but editing attachments via the Companion App will work again.

      Workaround 2 (only when using Crowd DC) - Change to Crowd SSO 2.0

      Migrate Confluence/Crowd SSO to Crowd SSO 2.0 (SAML-based SSO), which is not affected by this issue.

      Workaround 3 (when using re:solution Deny Password Authenticator v3.2.0) - Disable Deny Password Authenticator

      1. Back up <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
      2. Edit <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
        • Revert to the default Confluence authenticator
          Make sure this is enabled
              <!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
              <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
          
          Make sure this is commented out
              <!-- <authenticator class="de.resolution.samlsso.authenticator.ConfluenceDenyPasswordAuthenticator" /> -->
          
      3. Restart Confluence (on each node)

      Workaround 4 (when using MIDAN Authenticator) - Disable MIDAN Authenticator

      1. Back up <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
      2. Edit <confluence-install>/confluence/WEB-INF/classes/seraph-config.xml
        • Revert to the default Confluence authenticator
          Make sure this is enabled
              <!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
              <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
          
          Make sure MIDAN authenticator is commented out
              <!-- <authenticator class="eu.midan.MIDANAuthenticator"/> -->
          
          Make sure Confluence Crowd SSO is commented out
              <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
          
      3. Restart Confluence (on each node)
      4. Confluence/Crowd SSO will no longer be active, but editing attachments via the Companion App will work again.
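
Added example (not Atlassian's code): a Python check for step 2 of workarounds 1, 3 and 4 that lists the `<authenticator>` elements still active in seraph-config.xml and confirms that only the default one remains. The `security-config` root element and both sample files are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

DEFAULT = "com.atlassian.confluence.user.ConfluenceAuthenticator"

def active_authenticators(seraph_xml):
    """Class names of <authenticator> elements that are not commented out."""
    # ElementTree's default parser drops XML comments, so a commented-out
    # <authenticator> never appears in the parsed tree.
    root = ET.fromstring(seraph_xml.strip())
    return [el.get("class") for el in root.iter("authenticator")]

def review(seraph_xml):
    """Return (ok, message) for the state the workarounds ask for."""
    active = active_authenticators(seraph_xml)
    if not active:
        return False, "no active <authenticator> element"
    extra = [cls for cls in active if cls != DEFAULT]
    if extra:
        return False, "non-default authenticator active: " + ", ".join(extra)
    if len(active) > 1:
        return False, "default authenticator is listed more than once"
    return True, "default authenticator is the only active one"

# Constructed minimal files; a real seraph-config.xml carries more settings.
BEFORE = """
<security-config>
    <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->
    <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
</security-config>
"""
AFTER = """
<security-config>
    <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
    <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
    <!-- <authenticator class="eu.midan.MIDANAuthenticator"/> -->
</security-config>
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, review(text))
```

Run it against the edited file on each node before the restart in step 3 by passing the file's contents to `review()`.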

      People

      Ragan Martinez
      Marco Salvi
      Votes: 13
      Watchers: 32