Crowd Data Center / CWD-4963

When using a read only Crowd/JIRA Directory, users attempting to change their password get an unhelpful error message

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      Steps to Reproduce
      1. Set up JIRA and Confluence
      2. Enable JIRA User Server, and allow Confluence to connect to it
        • When defining the directory, set the directory as read only
      3. As a user from the JIRA directory, attempt to reset your password

      Note: the above steps for reproduction are also applicable to Crowd.

      Expected Results

      Because the directory is read-only, the password cannot be reset. A message similar to the following would be helpful:

      Your account is managed by <application name>, and cannot be updated at Confluence. Please visit <application url> to make changes to your account. If you're having trouble, please consult your system administrators.

      This lets the user know their account cannot be changed at the current application, and where to go for managing it.

      • We know the directory is read-only
      • We also know which directory a user logs in through
      • We're also aware of where that directory is located (since we have this configuration as a part of the directory)

      Actual Results

      The update fails, and the following message appears:

      An internal error occured when trying to change your password.

      Users must contact the administrator, rather than being able to self-service.

      Workaround

      Setting the directory Read/Write allows users to reset their passwords in Crowd and JIRA from a downstream application such as Confluence. However, there are some cases where this may not be desirable - Confluence should fail gracefully, and guide the user to a location where they can change their password.

            Edward Simmonds added a comment:

            I can't login with my password. I request to change password ("Forgot Password"). I get an email with a link to change the password. I change the password and get a message back that indicates the password change was successful. I try to log in and can't because it says the password was incorrect.

            Also, after clicking the "Report a bug" link, it is not clear how to create a report.

            I'm dead in the water for using this software/system.

            Michael Woffenden added a comment:

            We're still struggling with this here in 2021. We have JSM and Confluence and sometimes users try to change their Confluence password, generating support tickets and frustration for all.

            Fact is, Confluence should have some code/smarts (as previously suggested by others) to direct users automatically to the source Crowd application (in our case JSM). We think this is preferred over just displaying a message.

            Atlassian - can someone look at this and fix it?

            +1

            Deleted Account (Inactive) added a comment:

            This problem is literally the #1 nuisance for our JIRA/Bitbucket/Crowd/etc. support team. The number of issues opened for this issue is monumental. Why do ATLASSIAN tools not tell us the right place to go for resetting passwords when they are linked to Crowd SSO?

            Please, PLEASE fix this.

            Ian Lee [LLNL] added a comment (edited):

            I successfully stumbled upon this myself in Confluence 5.9.3, and can confirm that it is an issue. See also: CWDSUP-13066

            As far as the work around, one other consideration is: if the Crowd directory is in Read-only mode (on purpose) then it might be preferable to direct the end-user to another site to change the password. E.g. some kind of central LDAP / AD authentication service. Currently the only way to get that sort of behavior would be to dig into the Confluence source templates and modify the "Forgot my password" link.

            lewyoung@deloitte.com.au added a comment (edited):

            Thanks @dnorton for raising this.

            This issue caused significant disruption to our business operations nationwide for most of a day, before Dave kindly responded to my support ticket with the workaround described on this issue. A helpful error message (and easily-discoverable documentation on this issue for sysadmins) would have enormously reduced the impact of this problem for our operations.

              Assignee: Unassigned
              Reporter: Dave Norton (dnorton@atlassian.com)
              Votes: 29
              Watchers: 30