Cannot log into Confluence as a local user when Crowd SSO is enabled

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Local Confluence users, including local admin accounts, are not able to log into Confluence at all. The following error is seen on-screen:

Sorry, your username and password are incorrect. Please try again.

The following generic authentication error appears in the atlassian-confluence.log:

2013-01-14 21:32:53,855 WARN [http-1432-6] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'admin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

Confluence is configured to achieve SSO through Crowd. That is: <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml has the Crowd SSO authenticator enabled and the default Confluence authenticator disabled:

<!-- The default Confluence authenticator is commented out (disabled) -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->
 
<!-- The Crowd SSO authenticator is uncommented (enabled) -->
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>

Cause

When Confluence is configured to achieve SSO through Crowd, only users from Crowd will be allowed to authenticate. Local Confluence users, including administrators, will not be able to log in unless Crowd SSO is disabled.

Resolution

You will need to disable Crowd SSO to log in as a local user (or any other non-Crowd user, e.g. an LDAP account):

  1. Shut down Confluence

  2. Edit <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml
  3. Uncomment the default Confluence authenticator:

    <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
  4. Comment out the Crowd SSO authenticator:

    <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
  5. Start Confluence back up

If you do not remember your local administrator username or password, please see the following documentation on how you can locate or reset its password via the database: Restore Passwords To Recover Admin User Rights

There is an improvement request to allow administrators to edit the Crowd user directory in Confluence when SSO is enabled (without having to first disable SSO): CONF-28031 - Getting issue details... STATUS

Last modified on Feb 29, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.