Cannot authenticate to Crowd as Administrator in Confluence

In my Test environment, using Confluence 4.2.6 and Crowd 2.5.1 (on a different server), I am able to login to the confluence application with my ID and AD password. But when I try to browse to Confluence Admin, I get the Administrator Access page and when I enter the same exact password, I get a System Error page, with:


at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(


caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <html><head><title>Apache Tomcat/6.0.32 [...] HTTP Status 403 - Client with address &quot;; is forbidden from making requests to the application, {2}.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Client with address &quot;; is forbidden from making requests to the application, {2}.</u></p><p><b>description</b> <u>Access to the specified resource (Client with address &quot;; is forbidden from making requests to the application, {2}.) has been forbidden. [...]

But that IP is listed under Remote Addresses in (Test) Crowd for this application as well as in the Crowd Administration Trusted Proxy Servers area. I have the same exact version of Confluence running under 2 instances in Production, pointing to the Production version of Crowd 2.5.1, and that all works fine, but to further complicate matters, if I point my Test Confluence at my Prod Crowd, in IE I cannot login at all (as the mortal user) -- just get bounced back to the Login page, whereas in Chrome, I can login as the mortal user, but I get the same failure as before when I try to become the Administrator :-).

I've compared setups and can't find much different. Ideas?


Tom Pfannkoch

2 answers

1 accepted

0 votes
Accepted answer

Hey Tom,

Is SSO turned on? Confluence doesn't work very well with websudo + SSO, so i would recommend disabling websudo by adding this to your Java startup parameter: -Dpassword.confirmation.disabled=true

This will prevent that additional prompt to enter your password again when attempting to browse into the Confluence Administration screen.

But if SSO is not turned on, then we will need to look to why is not allowed to login to the application. Why is that IP address added to the Trusted Proxies? Is the IP address of your proxy, or isit the IP address of Confluence?


Hi Foogie,

I was able to disable the secondary authentication by adding the Java startup parameter you recommended, and that let me get in to do the necessary admin work (disable add-ons, etc) so I can put up the next target version of Confluence. Mind you, this is a workaround and not exactly the answer to why things don't work in my test environment. It will be interesting to see how things work after I install 5.0.3 :-).



1 vote
I would make sure the crowd directory URL is configured correctly under user directories. If you took a back from Prod to Test, it is likely that it still points to Prod Crowd. If that is right, another thing to check will be the application details used. Make sure the remote address is added under the right application.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Feb 06, 2019 in Confluence

Try out the new editing experience

Hi team, I’m Avinoam, a product manager on Confluence Cloud, and today I’m really excited to let the Community know that all customers can now try out the new editing experience and see some of the ...

1,030 views 51 8
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you