Documentation for Confluence 5.4.
Documentation for Confluence OnDemand and earlier versions of Confluence is available too.

You can connect your Confluence application to Atlassian Crowd or to JIRA (version 4.3 or later) for management of users and groups, and for authentication (verification of a user's login).

Warning: The information on this page does not apply to Confluence OnDemand.

Connecting Confluence to Crowd for User Management

Atlassian Crowd is an application security framework that handles authentication and authorisation for your web-based applications. With Crowd you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralised identity management. The Crowd Administration Console provides a web interface for managing directories, users and their permissions. See the Crowd Administration Guide.

When to use this option: Connect to Crowd if you want to use the full Crowd functionality to manage your directories, users and groups. You can connect your Crowd server to a number of directories of all types that Crowd supports, including custom directory connectors.

To connect Confluence to Crowd:

  1. Go to your Crowd Administration Console and define the Confluence application to Crowd. See the Crowd documentation: Adding an Application.
  2. Choose the cog icon at the top right of the screen, then choose Confluence Admin.
  3. Click 'User Directories' in the left-hand panel.
  4. Add a directory and select type 'Atlassian Crowd'. Enter the settings as described below.
  5. Save the directory settings.
  6. Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.
    For details see Managing Multiple Directories.
  7. If required, configure Confluence to use Crowd for single sign-on (SSO) too. See the Crowd documentation: Integrating Crowd with Atlassian Confluence.

Crowd Settings in Confluence

| Setting | Description |
|---|---|
| Name | A meaningful name that will help you to identify this Crowd server amongst your list of directory servers. Examples: 'Crowd Server', 'Example Company Crowd'. |
| Server URL | The web address of your Crowd console server. Examples: http://www.example.com:8095/crowd/ and http://crowd.example.com |
| Application Name | The name of your application, as recognised by your Crowd server. Note that you will need to define the application in Crowd too, using the Crowd Administration Console. See the Crowd documentation on adding an application. |
| Application Password | The password which the application will use when it authenticates against the Crowd framework as a client. This must be the same as the password you have registered in Crowd for this application. See the Crowd documentation on adding an application. |

Crowd Permissions

| Setting | Description |
|---|---|
| Read Only | The users, groups and memberships in this directory are retrieved from Crowd and can only be modified via Crowd. You cannot modify Crowd users, groups or memberships via the application administration screens. |
| Read/Write | The users, groups and memberships in this directory are retrieved from Crowd. When you modify a user, group or membership via the application administration screens, the changes will be applied directly to Crowd. Please ensure that the application has modification permissions for the relevant directories in Crowd. See the Crowd documentation: Specifying an Application's Directory Permissions. |

Advanced Crowd Settings

| Setting | Description |
|---|---|
| Enable Nested Groups | Enable or disable support for nested groups. Before enabling nested groups, please check to see if the user directory or directories in Crowd support nested groups. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups. |
| Synchronisation Interval (minutes) | Synchronisation is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes. |

Connecting Confluence to JIRA for User Management

Note that the license tiers for JIRA and Confluence do not need to match to use this feature. For example, you can manage a Confluence 50 user license with JIRA, even if JIRA only has a 25 user license.

Subject to certain limitations, you can connect a number of Atlassian web applications to a single JIRA server for centralised user management.

When to use this option: You can only connect to a server running JIRA 4.3 or later. Choose this option as an alternative to Atlassian Crowd, for simple configurations with a limited number of users.

If you are running JIRA 4.2 or earlier, please see Connecting to JIRA 4.2 or Earlier for User Management.

To connect Confluence to JIRA 4.3 or later:

  1. Go to your JIRA administration screen and define the Confluence application to JIRA:
    • For JIRA 4.3.x, select 'Other Applications' from the 'Users, Groups & Roles' section of the 'Administration' menu.
    • For JIRA 4.4 or later, select 'Users' > 'JIRA User Server' in Administration mode.
    • Click 'Add Application'.
    • Enter the application name and password that Confluence will use when accessing JIRA.
    • Enter the IP address or addresses of your Confluence server. Valid values are:
      • A full IP address, e.g. 192.168.10.12.
      • A wildcard IP range, using CIDR notation, e.g. 192.168.10.1/16. For more information, see the introduction to CIDR notation on Wikipedia and RFC 4632.
    • Save the new application.
  2. Set up the JIRA user directory in Confluence:
    • Choose the cog icon at the top right of the screen, then choose Confluence Admin.
    • Click 'User Directories' in the left-hand panel.
    • Add a directory and select type 'Atlassian JIRA'.
    • Enter the settings as described below. When asked for the application name and password, enter the values that you defined for your Confluence application in the settings on JIRA.
    • Save the directory settings.
    • Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
      • The order of the directories is the order in which they will be searched for users and groups.
      • Changes to users and groups will be made only in the first directory where the application has permission to make changes.
      For details see Managing Multiple Directories.
  3. In order to use Confluence, users must be a member of the confluence-users group or have Confluence 'can use' permission. Follow these steps to configure your Confluence groups in JIRA:
    1. Add the confluence-users and confluence-administrators groups in JIRA.
    2. Add your own username as a member of both of the above groups.
    3. Choose one of the following methods to give your existing JIRA users access to Confluence:
      • Option 1: In JIRA, find the groups that the relevant users belong to. Add the groups as members of one or both of the above Confluence groups.
      • Option 2: Log in to Confluence using your JIRA account and go to the Confluence Administration Console. Click 'Global Permissions' and assign the 'can use' permission to the relevant JIRA groups.


Ensure that you have added the Confluence URL to the JIRA whitelist, under JIRA Administration >> System >> Security >> Whitelist (for example, https://confluence.atlassian.com/). For details, refer to this guide: Configuring the Whitelist.
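
The 'IP addresses' entries from step 1 decide which source addresses JIRA will accept as the Confluence application. The following is an added example, not Atlassian code, that checks a list of entries against the addresses Confluence may connect from (including loopback, for the case where both run on one server) and flags ranges wider than intended. It assumes ordinary CIDR matching; the sample addresses and the 256-address threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the two entry forms the page lists, plus candidate
# source addresses a Confluence server might connect from (assumptions).
ALLOWLIST = ["192.168.10.12", "192.168.10.1/16"]
SOURCES = ["192.168.10.12", "127.0.0.1", "::1", "192.168.200.7"]


def parse_entry(entry):
    """Parse one entry: a full IP address or a CIDR range.

    strict=False accepts a range written with host bits set, as in the
    page's example 192.168.10.1/16, and normalises it to 192.168.0.0/16.
    """
    return ipaddress.ip_network(entry.strip(), strict=False)


def audit_allowlist(entries, sources, max_addresses=256):
    """Report which sources match an entry and which entries are very wide."""
    networks = [parse_entry(e) for e in entries]
    report = {"allowed": [], "blocked": [], "broad": []}
    for source in sources:
        ip = ipaddress.ip_address(source)
        # An IPv4 entry never matches an IPv6 source, and vice versa.
        matched = any(ip.version == n.version and ip in n for n in networks)
        report["allowed" if matched else "blocked"].append(source)
    for entry, network in zip(entries, networks):
        if network.num_addresses > max_addresses:
            report["broad"].append((entry, str(network), network.num_addresses))
    return report


if __name__ == "__main__":
    result = audit_allowlist(ALLOWLIST, SOURCES)
    for key in ("allowed", "blocked", "broad"):
        print(key, result[key])
```

With the sample data, both loopback addresses are reported as blocked, and the /16 entry is reported as covering 65,536 addresses, any of which could present the application name and password.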

JIRA Settings in Confluence

| Setting | Description |
|---|---|
| Name | A meaningful name that will help you to identify this JIRA server amongst your list of directory servers. Examples: 'JIRA Server', 'My Company JIRA'. |
| Server URL | The web address of your JIRA server. Examples: http://www.example.com:8080 and http://jira.example.com |
| Application Name | The name used by your application when accessing the JIRA server that acts as user manager. Note that you will also need to define your application to that JIRA server, via the 'Other Applications' option in the 'Users, Groups & Roles' section of the 'Administration' menu. |
| Application Password | The password used by your application when accessing the JIRA server that acts as user manager. |

JIRA Permissions

| Setting | Description |
|---|---|
| Read Only | The users, groups and memberships in this directory are retrieved from the JIRA server that is acting as user manager. They can only be modified via that JIRA server. |

Advanced JIRA Settings

| Setting | Description |
|---|---|
| Enable Nested Groups | Enable or disable support for nested groups. Before enabling nested groups, please check to see if nested groups are enabled on the JIRA server that is acting as user manager. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups. |
| Synchronisation Interval (minutes) | Synchronisation is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes. |
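
When 'Enable Nested Groups' is on and JIRA groups are added as members of confluence-users (Option 1 in the steps above), access is inherited through every level of nesting. The following is an added example, not Atlassian code, that resolves effective membership so you can review who gains Confluence access only through nesting. The directory data is constructed, the group names other than confluence-users and confluence-administrators are hypothetical, and the model assumes that with nesting off only direct members count.

```python
# Constructed sample directory (all names except the two confluence-* groups
# are hypothetical). USERS maps group -> direct user members; SUBGROUPS maps
# group -> groups that are direct members of it.
USERS = {
    "confluence-administrators": {"alice"},
    "confluence-users": {"alice"},
    "jira-developers": {"bob", "carol"},
    "contractors": {"dave"},
}
SUBGROUPS = {
    "confluence-users": {"jira-developers"},   # Option 1 from the steps above
    "jira-developers": {"contractors"},        # nested one level further down
    "contractors": {"jira-developers"},        # accidental membership cycle
}


def effective_members(group, users, subgroups, nested=True, _seen=None):
    """Return the users who count as members of `group`.

    nested=False models 'Enable Nested Groups' being off (assumption: only
    direct user members count). Groups already visited are skipped, so a
    membership cycle cannot cause endless recursion.
    """
    seen = set() if _seen is None else _seen
    if group in seen:
        return set()
    seen.add(group)
    members = set(users.get(group, ()))
    if nested:
        for child in sorted(subgroups.get(group, ())):
            members |= effective_members(child, users, subgroups, True, seen)
    return members


def inherited_only(group, users, subgroups):
    """Users who hold membership of `group` only through nesting."""
    return effective_members(group, users, subgroups) - set(users.get(group, ()))


if __name__ == "__main__":
    for name in ("confluence-users", "confluence-administrators"):
        print(name, sorted(inherited_only(name, USERS, SUBGROUPS)))
```

In the sample data, dave reaches confluence-users two levels down through contractors, which is the kind of indirect grant worth reviewing before enabling the setting.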

Diagrams of Some Possible Configurations

Diagram above: Confluence, JIRA and other applications connecting to Crowd for user management.

Diagram above: Confluence connecting to JIRA for user management.

Diagram above: Confluence connecting to JIRA for user management, with JIRA in turn connecting to LDAP.

Troubleshooting

Below are some error messages you may encounter. If you run into problems, you should turn on WARN logging for the relevant class. See Configuring Logging.

| Error | Message | Cause |
|---|---|---|
| error.jirabaseurl.connection.refused | Connection refused. Check if an instance of JIRA 4.3 or later is running on the given url | This may be because: the JIRA URL is incorrect; the JIRA instance is not running on the specified URL; the JIRA instance running on the specified URL is not 4.3 or later. |
| error.applicationlink.connection.refused | Failed to establish application link between JIRA server and Confluence server. | Unable to create an application link between JIRA and Confluence. This may be because: the Confluence or JIRA URL is incorrect; the instance is not running on the specified URL; the credentials are incorrect. Refer to the Confluence log files for further troubleshooting information. |
| error.jirabaseurl.not.valid | This is not a valid url for JIRA 4.3 or later. | A runtime exception has occurred. Refer to the Confluence log files for further troubleshooting information. |

RELATED TOPICS

Configuring User Directories

11 Comments

  1. Anonymous

    I connected Confluence to Jira for User Management, but I ran into the problem that Confluence loaded the User-Management-Data into the cache before I set up the 'confluence-users' and 'confluence-administrators' groups. That way, I could log into Confluence but every page I tried to access was redirected to the "forbidden" page.

    So if you run into the same problem, just restart Confluence after you set up the groups in JIRA correctly. That should solve the problem!

    1. Anonymous

      Was pulling my hair out about this. Sometimes it can be so easy... thanks! I had to restart both Jira and Confluence though...

  2. What are/where are the instructions for undoing this?  The above instructions worked perfectly for connecting the JIRA user database to Confluence.  I had second thoughts after I made the change when I realized it wasn't really worth the effort (in my case) to go through and re-create all the group permissions.  As soon as the change is enabled in Confluence, the Admin menu link disappears, and it does not reappear when you deactivate Confluence as a trusted application in JIRA.

    1. Answered my own question...

      You have to manually edit the database to put the Internal User Directory back in the first position.  Follow these instructions: Restoring Passwords To Recover Admin User Rights (Step 3).  Assuming you made no other changes other than what the above instructions outlined, you DO NOT have to recreate admin users, groups, etc.  All this stuff is still in the user tables.

      @Atlassian: I still think this info belongs in the instructions above! Please and thank you (smile)

  3. Anonymous

    Hi, the "Configure Atlassian Crowd Server" Settings only worked for me if I put "Server URL" as http://localhost:8080

    For me http://jira.domain.comhttp://jira.domain.com:8080 didn't work.

    Hope this helps you.

    -Mike

    1. Anonymous

      Do you get a (very meaningful) error like this?

      Connection test failed. Response from the server: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html> <html> <head> <title>Forbidden (403)</title> <!--[if IE]><![endif]--> <script type="text/javascript">var contextPath = '/jira';</script>" .....

      In my case this was due to the fact that the connection is made on the loopback interface to jira.domain.com as JIRA and Confluence are running on the same server - therefore 127.0.0.1 must be added to the "IP Addresses" of the Confluence Application Entry in the JIRA User Server.

      Once you do that it should work with the FQDN of your server as well.

  4. Anonymous

     

    If I want to connect to JIRA User Server from another application (not Confluence or other, one which I code myself), what should I do? Do you have any code examples? Is there any API document?

    My email addr is : michael@ideacat.cn

    thanks

    1. Hallo Michael

      The JIRA REST API docs are here: https://developer.atlassian.com/display/JIRADEV/JIRA+REST+APIs

      In particular, there are a couple of tutorials about authentication here: https://developer.atlassian.com/display/JIRADEV/JIRA+REST+API+Tutorials

      And the JAVA API docs are here: https://developer.atlassian.com/display/JIRADEV/JIRA+Java+API+Reference

      I hope this helps.

      Cheers, Sarah

  5. For some reason I had to keep the 127.0.0.1 AND ::1 in addition to the ip address of my confluence server into the 'add application' part of JIRA User Server configuration in order to get the FQDN to work (otherwise had to go to 8080, didn't like the apache front?)

  6. Hi, 

    Is this config up to date? I moved from the hosted solution to the download version and the integration doesn't work.

    I have JIRA 6.0 and the application links are not the same as in other versions. You can log in to Confluence, but it is not possible to generate the user directory correctly.

     

    Cheers. 

  7. Hi,
    Is there a solution for having it the other way around? I want to use the Confluence logins from JIRA.
    Also will this mean that I need to have JIRA with the same licence (users) as Confluence?
    Thanks,
    Pascal