Jira Data Center / JRASERVER-68113

Internal directory user's password needs to match the one in Crowd if SSO is enabled


      Summary

      An internal directory user's password needs to match the one in Crowd under the following conditions:

      • SSO is enabled
      • Jira Internal Directory is in a higher position than the Crowd Directory in the User Directories setting

      Steps to Reproduce

      1. Integrate Crowd with Jira by following "Integrating Crowd with Atlassian Jira"
      2. Create a user who has the same username in each directory, as follows
        • Jira Internal Directory:
          • username: testuser
          • password: password1
        • Crowd Directory:
          • username: testuser
          • password: password2
      3. Move Jira Internal Directory to a higher position than the Crowd Directory in Administration > User management > User Directories
      4. Enable SSO by following the instructions on the above page
      5. Try to log in to Jira with the latter credential (the one in the Crowd Directory)
        • Please log in from Jira's login page; do not log in from Crowd or the other SSO-enabled applications

      Expected Results

      As the documentation says,

      "It is possible to define multiple user directories in Jira. However, if you enable SSO integration, you will only be able to authenticate as users from the Crowd server defined in the crowd.properties file."

      the credential in the Crowd Directory should be used for authentication and the login should succeed.

      Actual Results

      The login failed. Even when we tried to log in with the credential in the Jira Internal Directory, it failed as well. This means the two passwords need to match each other.

      Notes

      The user seemed to be authenticated twice by both Jira Internal Directory and Crowd Directory in this situation.

      There was also a suggestion asking to disable directories other than Crowd when SSO is enabled, but it was already closed as "Won't Fix".

      Workaround

      We can still log in to Jira from other SSO-enabled applications' login pages.
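
To find accounts that meet both conditions in the Summary (same username in the internal and Crowd directories, with the internal directory listed first), an administrator can query the user tables. The following is an added example, not part of this issue or of Atlassian's code; the table and column names are assumptions modelled on Jira's embedded Crowd schema, and the rows are constructed sample data.

```python
import sqlite3

# Constructed sample data. Table and column names are assumptions modelled on
# Jira's embedded Crowd schema; verify them against your own instance.
SCHEMA = """
CREATE TABLE cwd_directory (id INTEGER, directory_name TEXT,
                            directory_type TEXT, directory_position INTEGER,
                            active INTEGER);
CREATE TABLE cwd_user (id INTEGER, directory_id INTEGER,
                       lower_user_name TEXT, active INTEGER);
INSERT INTO cwd_directory VALUES
    (1, 'Jira Internal Directory', 'INTERNAL', 0, 1),
    (2, 'Crowd Directory', 'CROWD', 1, 1);
INSERT INTO cwd_user VALUES
    (10, 1, 'admin', 1), (11, 1, 'testuser', 1),
    (20, 2, 'testuser', 1), (21, 2, 'alice', 1);
"""

# Active usernames present in both an internal and a Crowd directory, where the
# internal directory has the lower position number (assumed to mean "listed higher").
SHADOWED = """
SELECT i.lower_user_name, di.directory_name, dc.directory_name
FROM cwd_user i
JOIN cwd_directory di ON di.id = i.directory_id
JOIN cwd_user c ON c.lower_user_name = i.lower_user_name
JOIN cwd_directory dc ON dc.id = c.directory_id
WHERE di.directory_type = 'INTERNAL' AND dc.directory_type = 'CROWD'
  AND di.active = 1 AND dc.active = 1 AND i.active = 1 AND c.active = 1
  AND di.directory_position < dc.directory_position
ORDER BY i.lower_user_name
"""

def shadowed_users(conn):
    """Return (username, internal directory, Crowd directory) rows at risk."""
    return conn.execute(SHADOWED).fetchall()

def sample_db(internal_position=0):
    """Build the constructed in-memory database; hypothetical helper."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("UPDATE cwd_directory SET directory_position = ? WHERE id = 1",
                 (internal_position,))
    return conn

if __name__ == "__main__":
    for row in shadowed_users(sample_db()):
        print("duplicate username, internal directory listed first:", row)
```

Accounts reported here are the ones whose two passwords would have to match for a login from Jira's own login page to succeed.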

            yokamoto Yuki Okamoto (Inactive)