I have a deployment containing Crowd, JIRA and Confluence.
JIRA and Confluence are set up to talk to Crowd, have public sign-ups enabled, and use SSO.
Crowd has 2 Internal Directories defied... one called Public and one called Internal
In Crowd, the JIRA and Confluence apps are set to authenticate against both the Public and Internal directories, with the appropriate groups jira-users, confluence-users, etc. defined in both directories. Public is set up as the first in the ordering list and allows for Add users permission to the apps. Internal disallows the Add users permission.
Both directories are also allowing nested groups.
In the Internal directory I have the following groups:internal-users, internal-admins
In the Public directory I have public-users
These groups have been added to belong to their respective jira-users confluence-users , etc, in a nested fashion.
For example, a user foo in directory Public that belongs to the group public-users is automatically part (through nesting) of the following groups: jira-users, confluence-users.
Finally, the Options tab for the directory Public specifies that new users should be automatically added to the public-users group (such that they automatically obtain access to jira and confluence).
Both JIRA and Confluence have been set up to access the Crowd directory, enable read/write access and group nesting, and incremental synchronisation.
Once a new user signs up via the JIRA public sign-up link, the user is properly added to the public-users group (and seems to also be added automatically to jira-users, i assume by JIRA itself, which is redundant, but ok). The new user is able to access JIRA just fine, but has trouble accessing Confluence. The user's password is recognized, but a message indicating that the user doesn't have permissions to view the space is displayed. (I have manually triggered a synchronization action to happen before attempting to log in as the new user). At this point, if I log in as administrator to Confluence and go into the page showing the list of users, and look at the details of the new user, in the groups section I only see jira-users, but not the default public-users and confluence-users that I would've expected to see.
With everything set up as described above, the only change to make is to instruct Confluence NOT to do incremental synchronization in the User Directories section for the Crowd directory I've set up. That means that every synchronization attempt will perform FULL synchronization. With FULL synchronization everything works as expected. If I look at the users' details I can see all the groups that are supposed to be there: confluence-users jira-users and public-users.
Hopefully a fix can be implemented so that incremental synchronization works properly.
JIRA does not seem to have this problem, even though incremental synchronization is enabled.
I know it has been some time since you stated this issue. Judging by your comment, it seems to be some problem in the application indeed.
If you are still having this problem, I suggest to open a support request in our support tracker as such we can investigate the root cause for the incremental synchronization not working as expected.
I hope this helps you.
Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time! We're looking for people to participate in a remote 1-hr workshop...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs