Confluence: admin session dropped almost immediately

Stefano Luperto January 9, 2012

I have installed Confluence standalone 4.1.2, awith a 64bit tomcat on a 64bit JVM, following instructions found on Atlassian documentation.

I have integrated Confluence with Crowd, 2.3.6.

I have configured also SSO. The two are on two different servers, but in the same domain:

server01.localdomain -> Crowd, Jira, Fisheye

server02.localdomain -> Confluence, Bamboo

Everything works fine, I can log in in one of the applications and then going to another one I'm logged. The same, if I logout I am logged out from every application. So SSO is working.

When in Confluence I try to do an action that requires to take administration rights, I insert my password and start compiling a form. But when I submit, I get again the password request form and when I send the form I get an error message telling that the required authentication token was not present and that I have to restart over. I am still logged in, what i loose in the "sudo" priviledges.

If I can complete the operation in a few seconds (under five seconds) everything is ok, but if I wait even more then 5 seconds I cannot complete the operation.

This is blocking, because I cannot even create a new space, the time required to fill the 3 fileds is too much and I loose the "sudo" session.

I have also tried to disable SSO and it does not fix the problem.

I don't have this problem with any other application, even Jira works fine, (in Jira there is the same "sudo" requirement to administer it).

I don't have any error in the logs, both in Crowd and in Confluence.

3 answers

2 votes
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 10, 2012

This is a grey area for us, sorry to say.


If you use the built-in Confluence Crowd SSO Authenticator, then things should work OK: https://jira.atlassian.com/browse/CONF-22421

Unfortunately, if you're using a custom-built SSO Authenticator, then that is a scenario we have deliberately chosen not to support and you will need to disable Confluence's Secure Administrator Sessions feature (aka web sudo). (https://jira.atlassian.com/browse/CONF-20365)

Stefano Luperto January 10, 2012

I am using the default Confluence SSO authenticator:

<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>

Even disabling it and re-enabling the non-SSO authenticator

<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>

I have the same problem.

I disabled the websudo and now it does not ask me for admin login every time I enter an administration page, but I have the same problem: If I try to edit something and I need more than 5 seconds, I get this message:

  • Your session has expired. You may need to re-submit the form or reload the page.
0 votes
David Stauffer February 3, 2014

I was having same issue and I found that I was getting session timeout error in google chrome. But it worked in Internet Explorer.

note: We are using SSO.

0 votes
Colin Goudie
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 10, 2012

If you use a browser extension like 'edit this cookie' in chrome, you can check the crowd token information when switching tabs between Crowd and the other application tabs to see if the token is different. If it is, it is going to keep knocking you out and means something in the configuration is a miss. Generally the SSO domain but it sounds like you have that working.

But for somewhere to start, check out the information in the cookies and post back

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events