You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We have configured Crowd so that we can login with the default authenticator.
Our next step was to prepare SSO. So I followed the instructions and switched the authenticator lines in seraph-config.xml and copied and edited the crowd.properties file as required.
After the confluence restart I cannot login any more. In the confluence log I see:
2018-04-20 12:46:01,066 WARN [http-nio-8090-exec-1] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'mchjbaus' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
-- referer: http://dolly2.abg.fsc.net:8090/login.action?os_destination=%2Fadmin%2Fusers%2Fdosearchusers.action&permissionViolation=true | url: /dologin.action | traceId: 3af9dd70be01ca8a
In the Crowd log I see a LOT of lines like:
2018-04-20 12:45:45,863 http-nio-8095-exec-15 INFO [plugin.rest.filter.BasicApplicationAuthenticationFilter] Application 'confluence' failed authentication
I have already reset the application's password so I am sure that the password in Crowd and the crowd.properties file is identical.
When I try to log in, I can see in the Crowd log that my userID is passed over to Crowd and is processed there via LDAP, but the result is always 'invalid user or password'.
The error you are seeing:
Application 'confluence' failed authentication
is caused by the application properties in Crowd not matching what is being sent to Crowd from Confluence, one way or another. It can be caused by the source IP, the URL, the application name or password not matching what Crowd is expecting.
When you added /confluence to the Confluence URL, was that in the crowd.properties or did you change the Base URL? Either way, if you add a context path it will need to be in the connector directive of the server.xml, as described in Configuring the Server Base URL. If you have a proxy in front of Crowd, please make sure the server.xml file discussed in that guide has the proxyName, proxyPort and scheme in the connector directive, as well.
Special characters in the application password need to be escaped in the crowd.properties file to log into a Crowd application: Special Characters in application password will break SSO authentication