Shibboleth problem

Erkki_Aalto
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 4, 2014

We have so far used the Confluence Shibboleth authenticator for our Confluence wiki. Now we are testing the Nordunet Shibboleth authenticator for Crowd and Crowd for authentication.

 

For local users authentication via Crowd is working as it should, but not for Shibboleth users. Shibboleth authentication causes the user to be created to Crowd and syncronized to Confluence correctly. The user is correctly redirected to Confluence, but a Confluence session is not created. How does Crowd transmit the information about the session to Confluence? Where should I look for the problem?

2 answers

1 accepted

0 votes
Answer accepted
Erkki_Aalto
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 20, 2014

I had it finally working. There were a number of problems.

When using the Shibboleth autheticator the user is first sent to the SP, then to Crowd that sets the SSO cookie and finally to the application.  It is somewhat complicated and therefore easy to get wrong.

0 votes
Caspar Krieger
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 6, 2014

I'm not sure if this helps, but in the traditional way of connecting Confluence to Crowd, Crowd doesn't transmit information about the session to Confluence. Instead, when a user logs in to Confluence, then Confluence sends that username and password to Crowd, and Crowd gives it back a session cookie which Confluence sets in the user's browser. When that user makes subsequent requests to Confluence, then Confluence sends that session cookie back to Crowd, and if that session cookie is valid then Crowd will send back the associated user to Confluence.

I don't know the Shibboleth plugins affect this, but maybe this will help to clarify your understanding.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events