Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Customer Access to Confluence Pages

Edited
Daniel Faltyn
Daniel Faltyn Aug 02, 2019

We're in the process of troubleshooting our SSO Integration

In our current setup for Jira/Confluence/Service Desk, the setup is such that jira and confluence are linked with OAuth(impersonation), and each instance of Service Desk is linked to a Confluence space. Jira and confluence share the same directory, so users that are created in one instance are present in the other after they sync. In a given Service Desk instance, the settings are set to "All active users and customers can access the knowledge base without a Confluence license." and in Confluence we have the settings such that 'Unlicensesd Access' users have permission to view confluence. 

The issues that we're encountering is that a customer is able to search for a KB article, but once they click on the link an Unauthorized message is given (Unauthorized text below).

We do NOT want to set the access to anonymous as the content in the KB articles are sensitive. We have tried to add unlicensed users to a group to ensure access, but we found that the group permissions only work for licenses users. 

While investigating this issue, we generated two call stacks (below). The first call stack is the sequence of events when doing the keyword search and the second call stack comes from selecting one of the search result links. We are unable to determine why the latter is failing. 

The question is, why aren't users able to click the confluence article links? How can we remedy this issue?

Call stack when doing a key word search

2019-08-02 16:48:52,527 INFO [ajp-nio-8009-exec-10] [util.zipkin.impl.ConfluenceSpanCollector] lambda$onCollect$1 Zipkin span
2019-08-02 16:48:54,059 INFO [ajp-nio-8009-exec-11] [oauth.serviceprovider.internal.AuthenticatorImpl] getUserLoginResult Authenticated app 'jira:6d2ec46e-8192-4803-8b32-e363311fa788' as user 'barney@customerhost.com' successfully
2019-08-02 16:48:54,063 DEBUG [ajp-nio-8009-exec-11] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Storing the originally requested URL (atlassian.core.seraph.original.url=/rest/knowledge-base/1.0/search?type=page&queryString=%28alpha%29+AND+%28spacekey%3ACR16975%29&xoauth_requestor_id=barney%40customerhost.com)
2019-08-02 16:48:54,064 DEBUG [ajp-nio-8009-exec-11] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : requiredRoles = []
2019-08-02 16:48:54,067 DEBUG [ajp-nio-8009-exec-11] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Setting Auth Context to be 'barney@customerhost.com'
2019-08-02 16:48:54,077 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,080 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,082 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,084 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,086 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:48:54,088 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:48:54,090 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:48:54,093 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:48:54,096 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:48:54,099 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:48:54,102 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:48:54,104 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:48:54,110 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ clients ]
2019-08-02 16:48:54,119 DEBUG [ajp-nio-8009-exec-11] [atlassian.confluence.user.DefaultUserAccessor] getAvatarPathOrAttachment Property [confluence.user.profile.picture]not found for user [barney@customerhost.com]
2019-08-02 16:48:54,130 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,134 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,137 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,141 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,145 INFO [ajp-nio-8009-exec-11] [org.hibernate.dialect.Dialect] <init> HHH000400: Using dialect: com.atlassian.confluence.impl.hibernate.dialect.MySQLDialect
2019-08-02 16:48:54,149 INFO [ajp-nio-8009-exec-11] [org.hibernate.dialect.Dialect] <init> HHH000400: Using dialect: com.atlassian.confluence.impl.hibernate.dialect.MySQLDialect
2019-08-02 16:48:54,153 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,156 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] parentStringSearch searching for all groups for user [ barney@customerhost.com ]
2019-08-02 16:48:54,174 DEBUG [ajp-nio-8009-exec-11] [search.v2.lucene.SearcherWithTokenAction] internalPerform Query time = 13ms, Query = (+(title:alpha^2.0 contentBody:alpha content-name-unstemmed:alpha) +spacekey:CR16975)
2019-08-02 16:48:54,205 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,208 DEBUG [ajp-nio-8009-exec-11] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:48:54,216 INFO [ajp-nio-8009-exec-11] [event.events.security.LogoutEvent] <init> User barney@customerhost.com logged out by com.atlassian.confluence.user.listeners.UserSessionExpiryListener@2c250f5e

Call stack when clicking on the result of a key word search

2019-08-02 16:51:23,705 INFO [ajp-nio-8009-exec-5] [util.zipkin.impl.ConfluenceSpanCollector] lambda$onCollect$1 Zipkin span
2019-08-02 16:51:23,799 INFO [ajp-nio-8009-exec-1] [oauth.serviceprovider.internal.AuthenticatorImpl] getUserLoginResult Authenticated app 'jira:6d2ec46e-8192-4803-8b32-e363311fa788' as user 'barney@customerhost.com' successfully
2019-08-02 16:51:23,803 DEBUG [ajp-nio-8009-exec-1] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Storing the originally requested URL (atlassian.core.seraph.original.url=/rest/api/content/41254914?xoauth_requestor_id=barney%40customerhost.com)
2019-08-02 16:51:23,804 DEBUG [ajp-nio-8009-exec-1] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : requiredRoles = []
2019-08-02 16:51:23,807 DEBUG [ajp-nio-8009-exec-1] [atlassian.seraph.filter.SecurityFilter] doFilter doFilter : Setting Auth Context to be 'barney@customerhost.com'
2019-08-02 16:51:23,817 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,821 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,824 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,826 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,828 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:51:23,831 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-users ]
2019-08-02 16:51:23,833 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:51:23,835 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-administrators ]
2019-08-02 16:51:23,837 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:51:23,839 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-users ]
2019-08-02 16:51:23,841 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:51:23,843 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ jira-developers ]
2019-08-02 16:51:23,845 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ clients ]
2019-08-02 16:51:23,859 DEBUG [ajp-nio-8009-exec-1] [atlassian.confluence.user.DefaultUserAccessor] getAvatarPathOrAttachment Property [confluence.user.profile.picture]not found for user [abdullah]
2019-08-02 16:51:23,892 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,894 DEBUG [ajp-nio-8009-exec-1] [confluence.user.crowd.CachedCrowdMembershipDao] isUserDirectMember checking direct membership for user [ barney@customerhost.com ] and group [ confluence-administrators ]
2019-08-02 16:51:23,901 INFO [ajp-nio-8009-exec-1] [event.events.security.LogoutEvent] <init> User barney@customerhost.com logged out by com.atlassian.confluence.user.listeners.UserSessionExpiryListener@2c250f5e

 

Unauthorized message content

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Comment
Watch
Like Be the first to like this
486 views

0 comments

Comment

Log in or Sign up to comment
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

See all events