On a test server, I've installed Confluence 4.1.7 and we have a test Crowd instance of 2.4.1. I imported or production data from backup (same versions) into the applications on the test servers. I also have a test JIRA, Bamboo, and Fisheye installation that all can authenticate with the test Crowd instance. After the import I had to go into the database and modify the user password for the admin account and was able to login with that. I setup the Crowd internal Directory and synchronized this directory. I shut down Confluence, changed the crowd.properties file (to use the test crowd) and the seraph-configh.xml file to use the CrowdSSO authenticator. When I started up again I was no longer able to login with any of the accounts. The same accounts are working for my other tools (JIRA, Fisheye, Bamboo, and even Crowd), but not for Confluence. I checked to make sure I had the correct versions of the crowd-integration-xxx.jar files in my Confluence lib directory, but I still can't get it to authenticate against crowd. When attempting to login I get the following message in my Confluence atlassian-confluence.log: [http-8443-3] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'confadmin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie. When I looked up this error for other people it wasn't the same setup so it didn't relate.
It seems that the problem was related to one of the administrators removing the application link to this instance of Confluence from our production system of Crowd (because we have a test Crowd instance it should have been using but wasn't). After reviewing the crowd.properties file it was resolved by updating the Crowd server entries to use the test Crowd instance and restarted.
After some research on it, I could find an answer regarding the same issue on the logs. I'm not sure if it would help you, but, this behavior is due to our use of the SSO authenticator. The following article is a clue, but don't explain exactly why this was caused:
It is possible to define multiple user directories in JIRA. However, if you enable SSO integration, you will only be able to authenticate as users from the Crowd server defined in the crowd.properties file.
Don't forget that you will only be able to authenticate as users from the Crowd application defined in crowd.properties.
When enabling SSO, you may only use a single directory as your Confluence authentication source.
Hope it helps you!
Thanks for the reply. Unfortunately, it didn't resolve the issue. I've reviewed that documentation and performed the necessary actions, but it's just not getting to Crowd at all. I've installed and upgraded Confluence on both our production and test systems before and run into problems in the past where the Crowd integration has caused more problems than solved. I've setup the seraph-config.xml correctly, updated the crowd.properties file to reflect the settings in Crowd, moved over the necessary .jar files, enabled https, and setup the Crowd User Directory in Confluence. It would be one thing if the log files actually stated an issue in either of the applications (Crowd, Confluence), but there's nothing more than the USE permission update that I mentioned before. It appears as if Confluence isn't even talking to Crowd at all, which doesn't make sense considering it used to and our current production sytem is setup almost identically (with the exception that the IP addresses are different).
Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs