I'm running Confluence 3.5.13.
I've got SSO authentication against our Active Directory forest working using the NTLMv2 plugin from TechTime.
Users with an active account in Confluence are logged in automatically, and users with no account can browse spaces as anonymous. No problem here.
There is an issue, though, with users who have an account in the Confluence database which has been disabled. Whatever they try to access they get a page which says, "You are not permitted to perform this action".
My question is this: Is it possible to configure Confluence so that a person with a disabled account is able to browse as an anonymous user can?
Deleteing the user's account is not feasible due to references from content they have contributed in the past. They can log out, but as soon as they go to another page the SSO authenticates them again and they're denied access.
I think I need a way to give users with disabled accounts the "Use Confluence" global permission while maintaining their disabled status for other purposes.
Well, my first attempt at the answer would be... ask TechTime? Oh, wait, that's us :) Thanks for linking!
So, let's try this again...
1) It is possible to force IOPlex Jespa (the library that actually does NTLM authenticaton under the bonnet) to install an anonymous identitiy into the session on logout. This will prevent users from getting logged in again immediately after explicit logout, but it will also remove the possibility of logging back in again by just clicking on anything outside of logout page. If you do want to go this route, just add/change this in Jespa filter definition in web.xml:
This tells Jespa 3 things:
2) This specific use case is valid IMHO, disabled users should NOT be logged in into Jira/Confluence even if they pass NTLM authentication. I will add logic to handle this into our plugin. Watch this space!
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs