Certain Users Cannot Authenticate when Confluence Is Protected by Siteminder

Symptoms

Certain users cannot log in to Confluence via Siteminder. An exception along these lines appears in the log:


com.atlassian.user.impl.DuplicateEntityException: User [username] already exists in: Hibernate Repository

Cause

Siteminder uses an internal password to log a user into Confluence using the API. When a user resets their password using "Change my password" or "Forgot Password" from Confluence, Confluence will reset the internal password to be different from the Siteminder password.

According to SiteMinder Custom Seraph Authenticator for Confluence:

Once a user has logged into Siteminder, when they access Confluence, the custom authenticator will extract their Siteminder credentials and then (i) try and log the user in, and if that fails, (ii) create a new user using the Siteminder credentials.


if (login(request, response, username, password, false) == true) {
    // (i) Login with the Siteminder credentials succeeded.
} else {
    // (ii) Login failed: the authenticator treats the user as new and creates the account.
    UserAccessor userAccessor = (UserAccessor) bucket.container.ContainerManager
            .getInstance().getContainerContext().getComponent("userAccessor");
    String[] defaultGroup = {"confluence-users"};
    User newUser = userAccessor.addUser(username, password, email, fullname, defaultGroup);
}

If Siteminder authentication to Confluence fails (because the user changed the Confluence password manually), the Siteminder authenticator assumes, incorrectly in this case, that the user has never logged in to Confluence. It then tries to add the user to Confluence, and Confluence throws a duplicate user exception because the user already exists.
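
The failure mode described above, reproduced in a small in-memory model. This is an added example, not code from the authenticator or from Confluence; the class, the method names, the sample users and the "guarded" variant that checks for an existing account before creating one are all assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed in-memory model; class and method names are hypothetical, not Confluence APIs.
public class SsoProvisioningDemo {
    static class DuplicateUserException extends RuntimeException {
        DuplicateUserException(String name) { super("User " + name + " already exists"); }
    }

    // Stands in for the internal user repository: username -> internal password.
    static final Map<String, String> store = new HashMap<>();

    static boolean login(String user, String password) {
        return password.equals(store.get(user));
    }

    static void addUser(String user, String password) {
        if (store.containsKey(user)) throw new DuplicateUserException(user);
        store.put(user, password);
    }

    // Logic as described on the page: any login failure is treated as "new user".
    static String asDescribed(String user, String ssoPassword) {
        if (login(user, ssoPassword)) return "logged in";
        addUser(user, ssoPassword); // throws when the account exists with another password
        return "created";
    }

    // Guarded variant: create only when the account is absent; report a mismatch otherwise.
    static String guarded(String user, String ssoPassword) {
        if (login(user, ssoPassword)) return "logged in";
        if (store.containsKey(user)) return "password mismatch: administrator reset required";
        addUser(user, ssoPassword);
        return "created";
    }

    public static void main(String[] args) {
        store.put("alice", "sso-secret");            // constructed: provisioned on first SSO login
        store.put("alice", "changed-in-confluence"); // constructed: internal password changed later
        try {
            System.out.println(asDescribed("alice", "sso-secret"));
        } catch (DuplicateUserException e) {
            System.out.println("as described: " + e.getMessage());
        }
        System.out.println("guarded: " + guarded("alice", "sso-secret"));
        System.out.println("guarded: " + guarded("bob", "sso-secret-2"));
    }
}
```

Separating "account missing" from "credentials do not match" gives the log a message that points directly at the password reset described under Resolution.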

Resolution

Log into Confluence as a Confluence Administrator. Use the Manage Users interface to reset the user's password back to the Siteminder password and clear the caches using the Caching Statistics interface.


Last modified on Mar 30, 2016
