If you already have a significant user base set up inside JIRA, it makes sense to connect Confluence to JIRA so that user management is centralised and not duplicated. This document outlines how to delegate Confluence's user authentication and group management to JIRA so that you can use your JIRA users to log in to Confluence.
Read Before Proceeding
- The examples used in this document are based on Tomcat Application Server and the MySQL database. The same concepts (but not the verbatim examples) can be applied to other application servers or databases.
- Always install Confluence with a new database. Do not attempt to use the existing JIRA database, with either JDBC or data source. Do not add any spaces or content once Confluence installation is complete. Users in Confluence will no longer be valid once you switch over to using your JIRA users.
- If JIRA is using LDAP for authentication, you should not use JIRA for Confluence user management. Use Add LDAP Integration instead.
- If you have existing users or groups in Confluence, these users will not be available once you switch to using JIRA's user management. Any existing content will no longer be associated with valid users.
- If you run into a problem, check the Troubleshooting section.
Technical Overview
In the configuration described below, Confluence will use JIRA's database for its user and group information. The Confluence application will have two database connections:
- A connection to the primary database, set up during Confluence installation. This database stores all the normal Confluence data: spaces, pages, comments, etc.
- A read-only data source connection to JIRA's database, set up after Confluence is installed. Confluence reads information about users and groups from this database.
The reason this works is because both JIRA and Confluence use the same user management library, OSUser. The OSUser database schema is the same in JIRA and Confluence, so Confluence can easily read from JIRA's tables to get the user and group information.
Step One: Installing Confluence
Skip this step if you have installed Confluence already and completed the setup wizard.
1. If you are running JIRA standalone please follow these instructions for installing Confluence.
2. If you have JIRA deployed under your own tomcat server, please follow these instructions.
3. Ensure that Confluence is running and has been set up, that is, you have completed the setup wizard and verified that you can create pages.
4. Shut down Confluence.
Step Two: Setting up a Datasource to JIRA's Database
In order to delegate all user authentication attempts and group membership queries to JIRA, Confluence needs to be aware of JIRA's database, and hence the user tables in JIRA's database.
In Tomcat this is achieved by specifying JIRA's database as a resource. You will need to declare it inside the <context> descriptor you set up in Step One.
 |
If there is an existing block of <Resource> in the <context> descriptor, please do not replace it. Rather, just add the following <Resource> block inside the <context> descriptor. |
|
If you are running Confluence WAR/EAR version separate to JIRA, or under JIRA standalone 3.3 and later, your Confluence context will be in the confluence.xml file.
If you are running Confluence standalone separate to JIRA, or Confluence WAR/EAR version under an older version of JIRA, your Confluence context will be in the server.xml file. You should never have a Confluence context in both. |
If you are running Confluence standalone (or Confluence inside a JIRA standalone) and aren't sure which version of Tomcat you are using, check your log files. You'll see *INFO: Starting Servlet Engine: Apache Tomcat/5.5.nn* if you are using Tomcat 5.5.
|
The DataSource configuration below is using MySQL as an example. You will need to modify these settings according to the database that you are using. |
- Tomcat 4.x and Tomcat 5.0.x: Sample context descriptor
<Context path="/confluence" docBase="C:/programs/confluence" swallowOutput="true">
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"/>
<ResourceParams name="jdbc/JiraDS">
<parameter>
<name>username</name>
<value>your_db_username</value>
</parameter>
<parameter>
<name>password</name>
<value>your_db_password</value>
</parameter>
<parameter>
<name>driverClassName</name>
<value>com.mysql.jdbc.Driver</value>
</parameter>
<parameter>
<name>url</name>
<value>jdbc:mysql://your.domain.com/jira_database_name?autoReconnect=true</value>
</parameter>
<parameter>
<name>factory</name>
<value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
</parameter>
</ResourceParams>
</Context>
- Tomcat 5.5.x: This version of Tomcat has a new syntax for specifying resources (note that you don't add a new context to server.xml, just add the Resource to your existing Context):
<Context path="/confluence" docBase="C:/programs/confluence" swallowOutput="true">
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
username="your_db_username"
password="your_db_password"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://your.domain.com/jira_database_name?autoReconnect=true"/>
</Context>
Step Three: Installing the JDBC Driver
Ensure that your JDBC driver is on the classpath of your application server. In this example, a jar for the mysql driver should be in the /common/lib folder.
- Download the mysql driver from here.
- Copy the jar file into the /common/lib folder
Step Four: Modifying osuser.xml
 |
Please perform this step after you have completed the Confluence setup wizard. |
- Find the osuser.xml file in the /confluence/WEB-INF/classes folder and open in a text editor. Comment out the following block of code:
<provider class="bucket.user.providers.CachingCredentialsProvider">
<property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
<provider class="bucket.user.providers.CachingAccessProvider">
<property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property>
<property name="chain.configuration.provider.class">bucketuser.BucketHibernateConfigProvider</property>
</provider>
<provider class="bucket.user.providers.CachingProfileProvider">
<property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
- Uncomment this block:
<provider class="bucket.user.providers.CachingCredentialsProvider">
<property name="chain.classname">com.atlassian.confluence.user.providers.jira.JiraJdbcCredentialsProvider</property>
<property name="chain.datasource">java:comp/env/jdbc/JiraDS</property>
</provider>
<provider class="bucket.user.providers.CachingAccessProvider">
<property name="chain.classname">com.atlassian.confluence.user.providers.jira.JiraJdbcAccessProvider</property>
<property name="chain.datasource">java:comp/env/jdbc/JiraDS</property>
</provider>
<provider class="bucket.user.providers.CachingProfileProvider">
<property name="chain.classname">com.atlassian.confluence.user.providers.jira.JiraJdbcProfileProvider</property>
<property name="chain.datasource">java:comp/env/jdbc/JiraDS</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
Your osuser.xml should now look like this:
<opensymphony-user>
<!--
Authenticators can take properties just like providers.
This smart authenticator should work for 'most' cases - it dynamically looks up
the most appropriate authenticator for the current server.
-->
<authenticator class="com.opensymphony.user.authenticator.SmartAuthenticator"/>
<!-- JIRA User management (with caching) -->
<!-- Note: Do not add any line breaks or spaces when specifying the chain.classname, otherwise a ClassNotFoundException will be thrown -->
<provider class="bucket.user.providers.CachingCredentialsProvider">
<property name="chain.classname">com.atlassian.confluence.user.providers.jira.JiraJdbcCredentialsProvider</property>
<property name="chain.datasource">java:comp/env/jdbc/JiraDS</property>
</provider>
<provider class="bucket.user.providers.CachingAccessProvider">
<property name="chain.classname">com.atlassian.confluence.user.providers.jira.JiraJdbcAccessProvider</property>
<property name="chain.datasource">java:comp/env/jdbc/JiraDS</property>
</provider>
<provider class="bucket.user.providers.CachingProfileProvider">
<property name="chain.classname">com.atlassian.confluence.user.providers.jira.JiraJdbcProfileProvider</property>
<property name="chain.datasource">java:comp/env/jdbc/JiraDS</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
<!--
<provider class="bucket.user.providers.CachingCredentialsProvider">
<property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateCredentialsProvider</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
<provider class="bucket.user.providers.CachingAccessProvider">
<property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateAccessProvider</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
<provider class="bucket.user.providers.CachingProfileProvider">
<property name="chain.classname">com.opensymphony.user.provider.hibernate.HibernateProfileProvider</property>
<property name="chain.configuration.provider.class">bucket.user.BucketHibernateConfigProvider</property>
</provider>
-->
<!--<provider class="com.opensymphony.user.provider.memory.MemoryCredentialsProvider" />
<provider class="com.opensymphony.user.provider.memory.MemoryAccessProvider" />
<provider class="com.opensymphony.user.provider.memory.MemoryProfileProvider" />-->
</opensymphony-user>
Please make sure your file looks like this.
In this example, JiraDS is the name of the JIRA datasource you are sharing with Confluence. If you have changed the name in step 2 of this documentation, you will need change all occurences of the value here too.
You can also download the already configured file here.
Step Five: Customising osuser.xml
In some cases you may need to customise the behaviour of the JiraJdbc classes. You can do this by setting properties within the osuser.xml file.
This process is documented here.
Step Six: Modifying atlassian-user.xml
This step is only applicable for Confluence 2.7 and later .
Please comment-out/remove the following line from your <Confleunce-Install>/confluence/WEB-INF/classes/atlassian-user.xml file:
and add this line instead:
Step Seven: Creating Confluence Groups in JIRA
- Add confluence-users and confluence-administrators groups in JIRA
- Add yourself to both these groups.
- To give your existing JIRA users access to Confluence, you have two options.
- Manually edit the groups of these users inside JIRA and give them membership to one or both of these confluence groups OR
- Start up Confluence. Log in using your JIRA account, and go to Administration and then Global Permissions. Now assign the 'can use' permission to your desired JIRA groups.
| In order to use Confluence, users must be a member of the confluence-users group (or have Confluence 'can use' permission). |
Step Eight: Activating External User Management
Since user management is now conducted in JIRA and outside of Confluence, you will need to switch external user management on.
NOTE: Activating external user management will remove user and group management options from Confluence. Your users will also no longer be able to edit their full name or email address inside Confluence. (If they want to, they would have to do so in JIRA).
To switch external user management on:
- Log into Confluence using your JIRA account.
- Go to the Administration Console and click General Configuration in the left-hand panel
- Click 'Edit' at the bottom of the 'Options and Settings' screen.
- Select 'ON' beside 'External User Management'.
For answers relating to JIRA User Management, click on any query below.
Troubleshooting
Confluence login page loads with 'NullPointerException' system error
If the page loads with 'System error' with cause 'java.lang.NullPointerException at com.atlassian.user.impl.osuser.OSUUserManager.getOpensymphonyUser(OSUUserManager.java:85)' and output logs shows 'user.provider.jdbc.BaseJDBCProvider] init Could not look up DataSource using JNDI location' error, either the Resource for the DataSource is not being loaded by the application server, or it is being loaded but the resource names do not match. Check the names first, so if '/confluence/WEB-INF/classes/osuser.xml' specifies a datasource named 'java:comp/env/jdbc/JiraDS', the datasource specified in server.xml or confluence.xml must be 'jdbc/JiraDS'.
Confluence login page loads with 'HTTP Status 404' and output log shows 'java.lang.ClassNotFoundException' for driver, eg 'com.mysql.jdbc.Driver'
Missing the database driver library. On standalone or Apache Tomcat, download the database jar to the common\lib directory.
Confluence login page loads but login fails with 'Username and password are incorrect' and output log shows 'Access denied for user'
Caused by an incorrect database URL or login in the datasource.
Confluence login page loads but login fails with 'Username and password are incorrect' and output log shows 'Cannot create JDBC driver'
If your log outputs an error with "FATAL [user.provider.jdbc.JDBCCredentialsProvider] Could not list users. org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null'", you are using the incorrect Tomcat format for specifying the Datasource resource. You should check your Tomcat version and use the alternative format.
I cannot get my JIRA integration to work, where can I get technical support?
RELATED TOPICS
Comments (40)
Jun 03, 2004
Eric Hansen says:
See http://jira.atlassian.com/browse/CONF-950. You apparently need to run throu...See http://jira.atlassian.com/browse/CONF-950. You apparently need to run through setup with external user management turned off. Wheh you finish setup, you can turn on external user management.
Jan 28, 2005
Nitin Chaumal says:
Are there any pointers for integrating JIRA+Confluence into Weblogic/Jetspeed po...Are there any pointers for integrating JIRA+Confluence into Weblogic/Jetspeed portal and delegate the user management to these portals. This will help in having a single sign on for the entire portal not just JIRA+Confluence.
You guys are doing a fantastic job.
Jan 28, 2005
Nitin Chaumal says:
I completed this process successfully. I created a project in JIRA giving the li...I completed this process successfully. I created a project in JIRA giving the link to a confluence page for project documentation.
I log into JIRA and click on this link but i am asked to login again.
I also created a link on one of the confluence pages to a JIRA roject page, clicking on this link in confluence also takes me to the JIRA login page nstead of the project page. Is there a way to get over this.
Feb 16, 2005
Nick Faiz says:
Hi Nitin, It's probably a good idea to shoot emails through to confluence-sup...Hi Nitin,
It's probably a good idea to shoot emails through to confluence-support@atlassian.com , comments won't always have a timely response.
Currently, we do not have single sign on between applications. While users can be shared across applications they must authenticate for each.
Cheers,
Nick
Apr 11, 2005
Anonymous says:
The jira Context stuff in in the jira.xml file on my installation. Where would ...The jira Context stuff in in the jira.xml file on my installation. Where would the confluence context stuff then go?
CHarlie
Apr 18, 2005
Anonymous says:
you can create them in tomcat_home/conf/catalina/localhostyou can create them in tomcat_home/conf/catalina/localhost
Jun 16, 2005
Jason Dillon says:
Note, in the example to "uncomment this block": <provider class="bucket.pro...Note, in the example to "uncomment this block":
<provider class="bucket.providers.CachingProfileProvider">Should be:
<provider class="bucket.user.providers.CachingProfileProvider">Jun 25, 2005
Anonymous says:
Are there any pointers for integrating JIRA+Confluence into Resin. I don't know ...Are there any pointers for integrating JIRA+Confluence into Resin. I don't know what will Tomcat <context> be in Resin!!!!
Jul 01, 2005
David Loeng says:
The most crucial step in delegating user management is setting up a datasource i...The most crucial step in delegating user management is setting up a datasource in your Confluence webapp (regardless of what application server you are using) to point to JIRA's database.
So in your resin.conf, you need a datasource that looks something like this:
<resource-ref> <res-ref-name>jdbc/JiraDS</res-ref-name> <res-type>javax.sql.DataSource</res-type> <init-param driver-name="org.postgresql.Driver"/> <init-param url="jdbc:postgresql://localhost/jiradb"/> <init-param user="postgres"/> <init-param password="postgres"/> <init-param max-connections="20"/> <init-param max-idle-time="30"/> </resource-ref>Obviously you have to ensure that the appropriate JDBC drivers are in the classpath for your chosen application server too.
The rest of the setup steps should be similar.
Cheers,
Dave
Jul 05, 2005
Barrow Kwan says:
We are currently using LDAP for authentication ( basically it is just password c...We are currently using LDAP for authentication ( basically it is just password checking ). Can you do a mix of it ( JIRA/Confluence/LDAP ) ? ie Confluence will use JIRA's user database but authentication ( password checking ) will be done through LDAP?
Jul 05, 2005
Jens Schumacher says:
Yes, that is possible. Simply follow the steps in [How to delegate user man...Yes, that is possible.
Simply follow the steps in [How to delegate user management in Confluence to JIRA] and [Enable LDAP authentication] to setup this environment.
Oct 26, 2006
Buhi Mume says:
Can somebody update the links? Thank you.Can somebody update the links? Thank you.
Nov 21, 2006
Ivan Benko says:
Sorry about it Ldap integration Delegate User management to JIRASorry about it
Ldap integration
Delegate User management to JIRA
Aug 22, 2005
Jason shao says:
Is it possible to take setup an install of Confluence with external user managem...Is it possible to take setup an install of Confluence with external user management, and then import data from an install which was not setup to delegate to JIRA?
e.g. can I follow the direction above, then:
Aug 23, 2005
David Loeng says:
Firstly, unless you intend this, importing a site backup from another install of...Firstly, unless you intend this, importing a site backup from another install of Confluence will wipe out everything in your current install.
If you do intend this, user entries will not be autocreated in JIRA (remember the bridge from Confluence to JIRA is read only - Confluence cannot write to JIRA's user database).
Space imports are fine.
Cheers,
Dave
Sep 11, 2005
Ricardo Sueiras says:
If you have an existing Confluence setup and running, and you are deploying Jira...If you have an existing Confluence setup and running, and you are deploying Jira, but want to defer all user management to Jira (i.e. so there will be only one user profile, one place to mange permissions, etc) can you take all you existing users/groups/profiles from the confluence database, and import them into the jira user database?
Sep 12, 2005
Jens Schumacher says:
You could transfer the users via a script or sql directly. However, you will hav...You could transfer the users via a script or sql directly. However, you will have to take care of the user email since the property set is stored in a different column in Jira. You will also have to join the user groups and add them into the jira database.
Another way would be to create the users via the remote API. You will have to write a script which queries your database for the right data and creates the user in Jira via the remote API. The drawback there is that the user will have to change his password since there is no way to access and insert the current password.
If you need any assistance with this task, please let us know and send an email to: confluence-support@atlassian.com
Cheers,
Jens
Sep 12, 2005
Ricardo Sueiras says:
Thanks Jens. We will be using a custom authenticator so passwords will not be a...Thanks Jens.
We will be using a custom authenticator so passwords will not be an issue, as the password stored in the database will not be used.
When you say "join the user groups and add them into the jira database" what exactly do you mean? Do you mean add all the users into the "jira-users" group (or equiv) that is stored in the jira database?
Thanks.
Sep 12, 2005
Jens Schumacher says:
Ricardo, in order to keep the permissions set in Confluence working, you will h...Ricardo,
in order to keep the permissions set in Confluence working, you will have to make sure that you move over all relationships between users and groups to your jira database.
However, it is a little bit to complex to discuss this in the comment section of this page. Please write us an email to confluence-support@atlassian.com and we will happily assist you with the migration of your user database.
Cheers,
Jens
Dec 15, 2005
joe elliott says:
Is there a particular reason that the first step of the directions specifically ...Is there a particular reason that the first step of the directions specifically say that the WAR version should be installed?
I went through the whole process of setting up a clean Tomcat 5.5.12 instance, adding the Confluence webapp, etc. It ran, but I quickly blew up with a Java out of memory error. If there are any particular pointers in tuning a clean tomcat install, that would be nice.
But irrelevant to that, I decided to just go back to my original standalone Confluence install and add the JiraDS config, and that seemed to work just fine. (once i figured out that needed to use the Tomcat 4.x syntax for the data source config)