It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Unable to login to internal directory user

I'm running Confluence with Crowd in an SSO configuration, and I cannot login to a user that I created in the Confluence internal directory.

The internal directory is listed first in the directory order, and I've confirmed that the user was created in the internal directory. When I try to login, the UI says the username/password is invalid, but the logs say:

WARN [atlassian.seraph.auth.DefaultAuthenticator] login login : 'internaluser' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

I have verified that this user is a member of both the confluence-user (doesn't this enable USE?) and confluence-admin groups.

I'm running Confluence 4.2 and Crowd 2.4.

How do I fix this?

3 answers

1 accepted

8 votes
Answer accepted

You can't. When SSO is enabled you MUST log in via a Crowd user.

This changed back I think when they added embedded crowd to Confluence

But then it's not possible to edit any properties of the Crowd directory since it's in-use by your active login account.

I want to keep a local admin directory in the internal directory which I can then use to edit the Crowd directory settings.

Is the solution to switch out the SSO authenticator with the default one whenever I need to use the internal directory?

Yeah pretty much, you disable the SSO authenticator in seraph-config.xml and reboot, do the fixes, and revert, reboot. Very annoying.

I was trying to find the small clause in the documentation that says this but can't find it now. If I find it I'll post it here

it's been taking long time to fix this problem for me. I disabled SSO and finally I can login with a internal account !!

Saying this is ridiculous is an inderstatement. So if I need to make changes to my crowd directory I have to:

- disable sso

- restart jira

- make the changes

- enable sso

- restart jira?

Come on. Those are supposed to be integrated tools by the same vendor!

Here it is, on this page

It is possible to define multiple user directories in Confluence. However, if you enable SSO integration, you will only be able to authenticate as users from the Crowd server defined in the file.

Yeah, I wouldn't call it a feature

Thanks Collin. Not the answer I hoped for, but at least I can quit searching.

would this also affect my ability to add users to a newly created group in confluence? cuz i cant add users to groups now.

What worked for one of my users getting this log message was clearing the browser cache and killing all browser process instances, then starting a fresh browser process. The error no longer occurred.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Thursday in Confluence

Confluence CVEs and common questions

Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...

350 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you