Suggestion
Resolution: Duplicate
Scenario:
Crowd - Confluence/Jira SSO implemented
Crowd backed by delegated auth directory to LDAP
Confluence backed by Crowd user directory - sync interval default to 60m
New user in LDAP.
Login to Confluence.
Confluence passes auth request to Crowd. Crowd passes auth request to LDAP. LDAP confirms authentication request. Crowd creates the user, adds default groups (confluence-users).
User login to Confluence fails.
Wait 1 hr (default sync time)
Login to Confluence.
Login success.
The issue here is that there is no way to connect Confluence back to Crowd using the delegated auth connector mechanism. While Confluence and Crowd can both delegate authentication back to an LDAP system, there is no way for Confluence to delegate to Crowd to delegate to LDAP.
Directly delegating from Confluence to LDAP is not an option as Crowd is being used for SSO.
Please include a way for Confluence to delegate/connect back to Crowd without having to fail authentication for a new user's first-time login, which will create the user in Crowd, then wait for Confluence to sync.
- duplicates
CWD-2650 Crowd doesn't create new users automatically in other directories when he first login, but after sometime
- Closed
-
Delegated authentication for remote Crowd directories would solve this scenario (at the cost of introducing additional complexity), but as this is a special case of CWD-2650, it would be preferable to address it as part of that.