  1. Crowd Data Center
  2. CWD-3661

Crowd backed by delegated auth fails login to connected applications first time

    • Type: Suggestion
    • Resolution: Duplicate

      Scenario:
      Crowd - Confluence/Jira SSO implemented
      Crowd backed by delegated auth directory to LDAP
      Confluence backed by Crowd user directory - sync interval default to 60m

      New user in LDAP.
      Login to Confluence.

      Confluence passes auth request to Crowd. Crowd passes auth request to LDAP. LDAP confirms authentication request. Crowd creates the user, adds default groups (confluence-users).

      User login to Confluence fails.
      Wait 1 hr (default sync time)
      Login to Confluence.
      Login success.

      The issue here is there is no way to connect Confluence back to Crowd using the delegated auth connector mechanism. While Confluence and Crowd can both delegate authentication back to an LDAP system, there is no way for Confluence to delegate to Crowd to delegate to LDAP.

      Directly delegating from Confluence to LDAP is not an option as Crowd is being used for SSO.

      Please include a way for Confluence to delegate/connect back to Crowd without having to fail authentication for new user first time login, which will create the user in Crowd, then wait for Confluence to sync.

            Caspar Krieger (Inactive) added a comment - Delegated authentication for remote Crowd directories would solve this scenario (at the cost of introducing additional complexity), but as this is a special case of CWD-2650, it would be preferable to address it as part of that.

            Javier Perez added a comment - This also happens for Jira, not only Confluence. Didn't try for the other Atlassian tools, but I wouldn't be surprised if the issue is the same for all of them.

              Unassigned Unassigned
              rgoodwin Ryan Goodwin (Inactive)