CONF-23957 should be visible once again.

Me too: seems to be an "internal" permission

@Lukasz Pater - I'm unable to view: CONF-23957

Hi all.

We've identified two bugs that might be causing this behaviour:

• during authentication when the user is missing, we should create the user, and add him to all the groups that he or she belongs to in the remote directory. However if the user belonged to a group that didn't exist in the local cache yet, the group membership was not copied over, until the next synchronisation
• when using SSO through the Crowd SSO connector (JIRA/Confluence) a missing user wasn't copied at all

Going through the comments and support cases related to this issue, most seem to be related to the latter.

Both of these will be fixed in Crowd 2.10. However to actually see the problem fixed in products (notably JIRA/Confluence, which were suffering from the latter issue) they'll need to integrate the updated Crowd libraries. Please watch the related issues JRA-60747 and CONF-23957 for the exact versions that will include those.

Just to clearify things:
This cannot be corrected in Crowd directly. The problem is at the (crowd = sso) seraph authenticators of each application. So Atlassian has to fix at least the ones for JIRA and Confluence. As far as I remember Bitbucket Server doesn't have the problem. I don't remember for Bamboo.

What to to:
The seraph-authenticator has to store the user in local cache of the app (JIRA, Confluence, ...) after he succesfully authenticated against crowd. That's all and shouldn't be too hard to fix!

The problem is self corrected within an hour typically

Thats, right but in a service desk environment (with Crowd + LDAP) this is a bad behavior and needs to be fixed.

Example:
A customer (e.g. a new employee who needs something to start his work on the first day) is going to report an issue trough service desk and get's another issue because he is not in jira-service-desk-users. When this issue is solved (forced sync or self corrected), maybe by email because he can't login into JIRA and report his issue
But only if he knows who is the JIRA Administrator or who can help.

Regards,
Tim

My Crowd license renewal is coming up soon, and we are considering other options. Since this issue is a really ugly pain point and constantly causes problems for new users. Really it is something that should have been fixed a long long time ago. Such a basic piece of functionality being broken should be a major embarrassment for the Crowd application team.

What is the point of a user database system that causes more problems than it solves?

3 years 1 month and 18 days since this was opened. @Atlassian, any chance for a fix at some point?

@Ralf Martin, would you care to elaborate on your fix so we can try it here at Domino's? I've encountered this (and CONF-23957 which is related) while building our new DevOps infrastructure.

Thanks spocksbeard - our Crowd workflow is perhaps a little more open than it should be, but generally it hasn't been a problem. Anyway, I've reverted the issue to the correct state of Verified.

Hey Atlassian - what about your workflow - anonymous can start progress???

Btw - we fixed that here at Volkswagen at our laboratory. @Atlassian get in contact with us if you're interested in details...