Cannot log into Confluence as a local user when Crowd SSO is enabled
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Local Confluence users, including local admin accounts, are not able to log into Confluence at all. The following error is seen on-screen:
Sorry, your username and password are incorrect. Please try again.
The following generic authentication error appears in the atlassian-confluence.log
:
2013-01-14 21:32:53,855 WARN [http-1432-6] [atlassian.seraph.auth.DefaultAuthenticator] login login : 'admin' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
Confluence is configured to achieve SSO through Crowd. That is: <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml has the Crowd SSO authenticator enabled and the default Confluence authenticator disabled:
<!-- The default Confluence authenticator is commented out (disabled) -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/> -->
<!-- The Crowd SSO authenticator is uncommented (enabled) -->
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
Cause
When Confluence is configured to achieve SSO through Crowd, only users from Crowd will be allowed to authenticate. Local Confluence users, including administrators, will not be able to log in unless Crowd SSO is disabled.
Resolution
You will need to disable Crowd SSO to log in as a local user (or any other non-Crowd user, e.g. an LDAP account):
Shut down Confluence
- Edit <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml
Uncomment the default Confluence authenticator:
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
Comment out the Crowd SSO authenticator:
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
- Start Confluence back up
If you do not remember your local administrator username or password, please see the following documentation on how you can locate or reset its password via the database: Restore Passwords To Recover Admin User Rights
There is an improvement request to allow administrators to edit the Crowd user directory in Confluence when SSO is enabled (without having to first disable SSO): CONF-28031 - Getting issue details... STATUS