I'm running Confluence with Crowd in an SSO configuration, and I cannot login to a user that I created in the Confluence internal directory.
The internal directory is listed first in the directory order, and I've confirmed that the user was created in the internal directory. When I try to login, the UI says the username/password is invalid, but the logs say:
WARN [atlassian.seraph.auth.DefaultAuthenticator] login login : 'internaluser' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
I have verified that this user is a member of both the confluence-user (doesn't this enable USE?) and confluence-admin groups.
I'm running Confluence 4.2 and Crowd 2.4.
How do I fix this?
You can't. When SSO is enabled you MUST log in via a Crowd user.
This changed back I think when they added embedded crowd to Confluence
But then it's not possible to edit any properties of the Crowd directory since it's in-use by your active login account.
I want to keep a local admin directory in the internal directory which I can then use to edit the Crowd directory settings.
Is the solution to switch out the SSO authenticator with the default one whenever I need to use the internal directory?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yeah pretty much, you disable the SSO authenticator in seraph-config.xml and reboot, do the fixes, and revert, reboot. Very annoying.
I was trying to find the small clause in the documentation that says this but can't find it now. If I find it I'll post it here
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Saying this is ridiculous is an inderstatement. So if I need to make changes to my crowd directory I have to:
- disable sso
- restart jira
- make the changes
- enable sso
- restart jira?
Come on. Those are supposed to be integrated tools by the same vendor!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can just change the url to the crowd directorys edit page to still edit it.
right click the "synchronise" link
--> copy url
--> change "sync" to "edit"
--> profit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Here it is, on this page
https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+Confluence
|
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yeah, I wouldn't call it a feature
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
would this also affect my ability to add users to a newly created group in confluence? cuz i cant add users to groups now.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
What worked for one of my users getting this log message was clearing the browser cache and killing all browser process instances, then starting a fresh browser process. The error no longer occurred.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.