SSO not working

I followed the directions at https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+Confluence to set up SSO. The Crowd directory is visible and works within Confluence just fine, and I have disabled Confluence's built-in directory: Logging into Confluence using Crowd accounts works great. No problems there! However, when I get to step 2.2 and switch to the CrowdAuthenticator in seraph-config.xml and modify crowd.properties in /confluence/WEB-INF/classes/crowd.properties to the following, I am unable to log into my Confluence application:

#Fri Nov 16 15:01:18 CST 2012

session.lastvalidation=session.lastvalidation

# changed to application password as defined in Crowd

application.password=PASSWORD_4_APPLICATION

session.isauthenticated=session.isauthenticated

# application name as defined in Crowd

application.name=cvconfluence

crowd.server.url=https ://host_name.ahc.umn.edu :8443/crowd/services/

# added per directions

crowd.base.url=https ://localhost:8443/crowd/

session.validationinterval=0

session.tokenkey=session.tokenkey

application.login.url=https ://host_name.ahc.umn.edu :8443/crowd

I am getting an error of 2012-11-30 12:39:28,841 WARN http-8443-7 atlassian.seraph.auth.DefaultAuthenticator login login : 'gms' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

2012-11-30 12:39:40,509 WARN http-8443-7 atlassian.seraph.auth.DefaultAuthenticator login login : 'gms' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

2012-11-30 12:40:03,173 WARN http-8443-7 atlassian.seraph.auth.DefaultAuthenticator login login : 'confuser' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

Please let me know why this does not work. The directions are pretty clear.

Thanks!

5 answers

1 accepted

Thje problem for me ended up being use of inconsistent URL in my crowd.properties file. That fixed it just fine.

I had exactly the same error. And double (and triple) checking the URL's on crowd.properties solved it! Thanks!

what was the problem with the URL? I am facing the same issue. Also what did you use for you URL? Which URL did you have to change?

Thanks

If you look at the config above, the reference to the Crowd base was to localhost, while the Crowd server was to the actual canonical form of the URL.

Greg--

And wich one did you choose? Please give an example of what actually worked for you.

Hello Greg,

Are you sure that your user is part of a group that has USE permissions inside Confluence?

If you take a look at the document we recommend that the user be placed inside the confluence-users or confluence-administrators group within Crowd. This ensures that they are inside default groups in Confluence.

Also within Confluence we want to make sure that the Crowd User Directory is placed first in the List of directories. If there is a gms user in the Confluence internal, or any other direcotry that is not part of the a permitted groups in Confluence you could be seeing this error.

Those would be the first places I would look. We can dig a bit deeper if necessary.

Hi Daniel,

Just checked my Crowd users, and user gms is definitely in groups that have USE permissions, in particular, I added it to both confluence-users and confluence-admin groups.

However, in Confluence, the Crowd user directory is not first in the list. That being said, gms is not a member of the Confluence directory, just Crowd (see below for user output from the Confluence user console). In any case I can try switching the order of the directories, if you think that would make a difference.

<label class="label">User:</label> gms
<label class="label">Full Name:</label> Greg M Silverman
<label class="label">Email:</label>
<label class="label">Directory:</label> Crowd Server
<label class="label">Created:</label> Nov 28, 2012 13:15
<label class="label">Last Updated:</label> Nov 30, 2012 10:48
<label class="label">Login:</label> Last Login: Nov 30, 2012 17:16Last Failed Login: Nov 30, 2012 12:39Total Failed Login Count: 4Current Failed Login Count: 0
<label class="label">Groups:</label> confluence-administrators
confluence-users
crowd-administrators

Thanks!

Greg--

Greg,

Sorry now just getting back to this issue. The direcotry order would only matter if the user gms was in the directory listed above the crowd directory. As gms is not a member of the Confluence internal directory this should not matter.

The formatting on your post above is a little heard to read. Is this from your Crowd or Confluence interface? Are you able to take a screen shot of the page?

I'm seeing the same thing during an upgrade and it looks more like Confluence not being able to connect to Crowd than anything else. I'm at a loss as to why as i've re-used the various settings from the old install (3.4) which has no issues connecting.

There are also no errors or anything in the crowd log files...

just to update: i chose to simply dump my old crowd configuration files, use the one local confluence user i had and just used the UI to setup the connection to Crowd...

just to update: i chose to simply dump my old crowd configuration files, use the one local confluence user i had and just used the UI to setup the connection to Crowd...

I have the same problem when tried upgrading confluence from 2.8.1 to 5.1.2.

The problem by me was the confluence-administrators and confluence-users group haven't been migrated ( the problem started from version 3.5.x)

I followed the workaround described in https://confluence.atlassian.com/display/DOC/Restoring+Passwords+To+Recover+Admin+User+Rights

  • Create "admin" user
  • Login as "admin" use UI to setup connection to Crowd as Dennis mentioned.
  • After all i deleted "admin" user.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Friday in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

262 views 11 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you