According to Crowd's documentation on crowd.properties, here is the definition of Crowd Server URL and Base URL:

• Server URL: The URL to use when connecting with the integration libraries to communicate with the Crowd server.
• Base URL: The URL used by Crowd to create the full URL to be sent to users that reset their passwords.

However, this is not the case. Crowd uses Base URL when integrating with Confluence, JIRA or other applications that use crowd.properties file.

Steps to Reproduce

1. Set up Confluence SSO integration with Crowd (or other Atlassian application like JIRA)
2. Ensure that the SSO is working fine by logging into Confluence. Check if you are automatically logged into Crowd.
3. Stop Confluence
4. Open crowd.properties in <confluence-install>/confluence/WEB-INF/classes
5. Change crowd.base.url to an incorrect URL that is not accessible

Expected Results

User can still log into Confluence without any problems, since Crowd is using Server URL

Actual Results

User is not able to log into Confluence at all. Try to set an incorrect crowd.server.url and correct crowd.base.url. The result is that: user is able to log into Confluence

Environment Information

Tested on Crowd 2.6.2 and Confluence 5.1.3 (SSO)

Findings

I have done some more investigation by doing remote debugging. Here are the steps:

1. Set up Confluence SSO integration with Crowd (or other Atlassian application like JIRA)
2. Prepare the Crowd source code for remote debugging in Intellij or Eclipse with port 5008
3. Open ClientPropertiesImpl.java in atlassian-crowd/components/crowd-integration-client-common/src/main/java/com/atlassian/crowd/service/client/
4. Add a new breakpoint at line 126, which contains this code:

   String baseURL = loadPropertyString(properties, Constants.PROPERTIES_FILE_BASE_URL);

5. Enable remote debugging in Confluence by adding the following JAVA args in setenv.bat or setenv.sh

   -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5008 

6. Restart Confluence
7. As soon as Confluence starts, run the Crowd debugging in IntelliJ/Eclipse. Confluence will load crowd.properties during the startup

Here's the code that we are interested in:

    private String loadBaseURL(Properties properties)
    {
        String baseURL = loadPropertyString(properties, Constants.PROPERTIES_FILE_BASE_URL);
        if (StringUtils.isBlank(baseURL))
        {
            baseURL = generateBaseURL(properties);
        }

        return StringUtils.removeEnd(baseURL, "/");
    }

As you can see from the above code (and also I can see this during remote debugging), that the Base URL is loaded first. It is only when the Base URL is empty that the Server URL is then used. This does not match with the documentation description as mentioned above.