Companion App doesn't work properly in parallel with SSO Systems

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Confluence is integrated with a SSO System. Users try to edit their office files through Companion App. Once Microsoft Office open the downloaded file an error message appears on the Office screen saying that the file is corrupted.

Diagnosis

Environment

  • You must be running Confluence with a SSO System integrated to it and accountable for logging users in.

Diagnostic Steps

  • Attempt editing any Office file with the Companion App. All of them should be flagged as corrupted by Office.

  • Find the directory to which Confluence is downloading the files in your computer by following the instructions outlined in How to access Confluence files edited with the Atlassian Companion app. All files should have exactly the same size. 
    • For example, if a file has 2MBs when you look it on Confluence, it will not be downloaded with 2MBs but rather with a smaller size. Same applies for an Excel or Power Point file. Once you check the downloads folder, all files will have the same size, regardless of their type and original size.
    • Additionally, the content of the files will be the HTML of the SSO login page.

Cause

Given a natural redirect that happens on the SSO layer, Confluence does not download the real Office file to the local computer of a given user but rather create a copy of the file we are attempting to download and dump SSO Redirection text inside it. That's why all files will have the same content if opened through Notepad, for example and that's why they'll all have the same size.

Workaround

If you have Confluence 7.2 or later, see the Single sign-on considerations section of Administering the Atlassian Companion App for information specific to your version of Confluence. 

The workaround below is for Confluence 6.11 to 7.1.  

To workaround this problem one must configure the aforementioned SSO System to exclude the following paths from its redirect logic:

1. <Confluence-Base-URL>/download/*
2. <Confluence-Base-URL>/rest/*


(warning) There's no need to worry about possible security vulnerabilities. If an unauthenticated user tries to access <Confluence-Base-URL>/download/* manually after the SSO System has been configured to skip that URL, the user will end up by being redirect to the traditional Confluence login screen. The user won't be able to access any content or download files while unauthenticated.

DescriptionCompanion App doesn't work properly with SSO Systems.
ProductConfluence

Last modified on Jan 1, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.