What is the problem?

Users who are logged in to Service Desk are able to see KB search results through the Customer Portal, but are forced to log in to Confluence to see the full article.
This is counterintuitive to customers because they feel that if they can see the search results they are already authenticated.
Once customers sign in once with their credentials they are able to view articles.

Who experiences this problem?

This problem exists only in Server (Server/Server or Server/Cloud - if that is a thing).
One of the reporting customers is using JIRA User Directory for their shared user base which does not support SSO.
This is not a problem for Cloud/Cloud instances as they have a shared user base and SSO.
This is also not a problem if the customer is using Crowd and the JSD and Confluence instances have the same domain as this supports SSO.

Why does this happen?

Searching and viewing use different auth contexts.
Search uses impersonation to fetch and return the search results from a Confluence endpoint.
This requires impersonation to be setup through the Applinks which is what the customer has done.
Viewing an article renders an iframe in the page from the Confluence domain which is why it requires further authentication (to get a Confluence session ID).

How do we solve it?

Remove the redirection to Confluence by bringing the login prompt into Service Desk in the modal dialog which currently links to Confluence.