Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,328,481
Community Members
 
Community Events
168
Community Groups

Customer Access to Confluence Pages

Edited

We're in the process of troubleshooting our SSO Integration

In our current setup for Jira/Confluence/Service Desk, the setup is such that jira and confluence are linked with OAuth(impersonation), and each instance of Service Desk is linked to a Confluence space. Jira and confluence share the same directory, so users that are created in one instance are present in the other after they sync. In a given Service Desk instance, the settings are set to "All active users and customers can access the knowledge base without a Confluence license." and in Confluence we have the settings such that 'Unlicensesd Access' users have permission to view confluence. 

The issues that we're encountering is that a customer is able to search for a KB article, but once they click on the link an Unauthorized message is given (Unauthorized text below).

We do NOT want to set the access to anonymous as the content in the KB articles are sensitive. We have tried to add unlicensed users to a group to ensure access, but we found that the group permissions only work for licenses users. 

While investigating this issue, we generated two call stacks (below). The first call stack is the sequence of events when doing the keyword search and the second call stack comes from selecting one of the search result links. We are unable to determine why the latter is failing. 

The question is, why aren't users able to click the confluence article links? How can we remedy this issue?

Call stack when doing a key word search

2019-08-02 16:48:52,527 INFO [ajp-nio-8009-exec-10] [util.zipkin.impl.ConfluenceSpanCollector] lambda$onCollect$1 Zipkin span
2019-08-02 16:48:54,059 INFO [ajp-nio-8009-exec-11] [oauth.serviceprovider.internal.AuthenticatorImpl] getUserLoginResult Authenticated app 'jira:6d2ec46e-8192-4803-8b32-e363311fa788' as user 'barney@customerhost.com' successfully
2019-08-02 16:48:54,063 DEBUG [ajp-nio-8009-exec-11] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Storing the originally requested URL (atlassian.core.seraph.original.url=/rest/knowledge-base/1.0/search?type=page&queryString=%28alpha%29+AND+%28spacekey%3ACR16975%29&xoauth_requestor_id=barney%40customerhost.com)
2019-08-02 16:48:54,064 DEBUG [ajp-nio-8009-exec-11] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : requiredRoles = []
2019-08-02 16:48:54,067 DEBUG [ajp-nio-8009-exec-11] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Setting Auth Context to be 'barney@customerhost.com'
2019-08-02 16:48:54,077 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,080 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,082 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,084 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,086 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:48:54,088 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:48:54,090 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:48:54,093 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:48:54,096 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:48:54,099 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:48:54,102 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:48:54,104 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:48:54,110 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ clients ]
2019-08-02 16:48:54,119 DEBUG [ajp-nio-8009-exec-11] [atlassian.confluence.user.DefaultUserAccessor] getAvatarPathOrAttachment Property [confluence.user.profile.picture]not found for user [barney@customerhost.com]
2019-08-02 16:48:54,130 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,134 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,137 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,141 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,145 INFO [ajp-nio-8009-exec-11] [org.hibernate.dialect.Dialect] <init> HHH000400: Using dialect: com.atlassian.confluence.impl.hibernate.dialect.MySQLDialect
2019-08-02 16:48:54,149 INFO [ajp-nio-8009-exec-11] [org.hibernate.dialect.Dialect] <init> HHH000400: Using dialect: com.atlassian.confluence.impl.hibernate.dialect.MySQLDialect
2019-08-02 16:48:54,153 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,156 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,174 DEBUG [ajp-nio-8009-exec-11] [search.v2.lucene.SearcherWithTokenAction] internalPerform Query time = 13ms, Query = (+(title:alpha^2.0 contentBody:alpha content-name-unstemmed:alpha) +spacekey:CR16975)
2019-08-02 16:48:54,205 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,208 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,216 INFO [ajp-nio-8009-exec-11] [event.events.security.LogoutEvent] <init> User barney@customerhost.com logged out by com.atlassian.confluence.user.listeners.UserSessionExpiryListener@2c250f5e

Call stack when clicking on the result of a key word search

2019-08-02 16:51:23,705 INFO [ajp-nio-8009-exec-5] [util.zipkin.impl.ConfluenceSpanCollector] lambda$onCollect$1 Zipkin span
2019-08-02 16:51:23,799 INFO [ajp-nio-8009-exec-1] [oauth.serviceprovider.internal.AuthenticatorImpl] getUserLoginResult Authenticated app 'jira:6d2ec46e-8192-4803-8b32-e363311fa788' as user 'barney@customerhost.com' successfully
2019-08-02 16:51:23,803 DEBUG [ajp-nio-8009-exec-1] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Storing the originally requested URL (atlassian.core.seraph.original.url=/rest/api/content/41254914?xoauth_requestor_id=barney%40customerhost.com)
2019-08-02 16:51:23,804 DEBUG [ajp-nio-8009-exec-1] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : requiredRoles = []
2019-08-02 16:51:23,807 DEBUG [ajp-nio-8009-exec-1] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Setting Auth Context to be 'barney@customerhost.com'
2019-08-02 16:51:23,817 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,821 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,824 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,826 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,828 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:51:23,831 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:51:23,833 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:51:23,835 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:51:23,837 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:51:23,839 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:51:23,841 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:51:23,843 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:51:23,845 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ clients ]
2019-08-02 16:51:23,859 DEBUG [ajp-nio-8009-exec-1] [atlassian.confluence.user.DefaultUserAccessor] getAvatarPathOrAttachment Property [confluence.user.profile.picture]not found for user [abdullah]
2019-08-02 16:51:23,892 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,894 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,901 INFO [ajp-nio-8009-exec-1] [event.events.security.LogoutEvent] <init> User barney@customerhost.com logged out by com.atlassian.confluence.user.listeners.UserSessionExpiryListener@2c250f5e

 

Unauthorized message content

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

0 comments

Comment

Log in or Sign up to comment