Cannot authenticate to Crowd as Administrator in Confluence

In my Test environment, using Confluence 4.2.6 and Crowd 2.5.1 (on a different server), I am able to login to the confluence application with my ID and AD password. But when I try to browse to Confluence Admin, I get the Administrator Access page and when I enter the same exact password, I get a System Error page, with:

Cause

com.atlassian.crowd.exception.runtime.OperationFailedException
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:869)

[...]

caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <html><head><title>Apache Tomcat/6.0.32 [...] HTTP Status 403 - Client with address &quot;10.10.40.111&quot; is forbidden from making requests to the application, {2}.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Client with address &quot;10.10.40.111&quot; is forbidden from making requests to the application, {2}.</u></p><p><b>description</b> <u>Access to the specified resource (Client with address &quot;10.10.40.111&quot; is forbidden from making requests to the application, {2}.) has been forbidden. [...]

But that IP is listed under Remote Addresses in (Test) Crowd for this application as well as in the Crowd Administration Trusted Proxy Servers area. I have the same exact version of Confluence running under 2 instances in Production, pointing to the Production version of Crowd 2.5.1, and that all works fine, but to further complicate matters, if I point my Test Confluence at my Prod Crowd, in IE I cannot login at all (as the mortal user) -- just get bounced back to the Login page, whereas in Chrome, I can login as the mortal user, but I get the same failure as before when I try to become the Administrator :-).

I've compared setups and can't find much different. Ideas?

Regards,

Tom Pfannkoch

2 answers

1 accepted

Hey Tom,

Is SSO turned on? Confluence doesn't work very well with websudo + SSO, so i would recommend disabling websudo by adding this to your Java startup parameter: -Dpassword.confirmation.disabled=true

This will prevent that additional prompt to enter your password again when attempting to browse into the Confluence Administration screen.

But if SSO is not turned on, then we will need to look to why 10.10.40.111 is not allowed to login to the application. Why is that IP address added to the Trusted Proxies? Is 10.10.40.111 the IP address of your proxy, or isit the IP address of Confluence?


Foogie

Hi Foogie,

I was able to disable the secondary authentication by adding the Java startup parameter you recommended, and that let me get in to do the necessary admin work (disable add-ons, etc) so I can put up the next target version of Confluence. Mind you, this is a workaround and not exactly the answer to why things don't work in my test environment. It will be interesting to see how things work after I install 5.0.3 :-).

Regards,

Tom

1 vote
I would make sure the crowd directory URL is configured correctly under user directories. If you took a back from Prod to Test, it is likely that it still points to Prod Crowd. If that is right, another thing to check will be the application details used. Make sure the remote address is added under the right application.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Tuesday in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

378 views 16 9
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you