Problem
We've noticed that if we log in using SSO to our ADFS with a jira-administrator (or confluence) user, when we try to go to an administration page, we are prompted to re-enter the user password for sudo, then an error is returned.
This only happens when the Jira/Confluence User in Question is not in the local User Directory and authentication against the remote directory does not work.
A typical case would be a sync'd Active Directory but direct authentication against AD doesn't work (only via ADFS).
The error you may see looks like this:
Technical details
Log's referral number: 057a7ebe-80fc-419a-8a6a-0416afd26961
Cause
Referer URL: /secure/admin/ViewApplicationProperties.jspa
com.atlassian.crowd.exception.runtime.OperationFailedException
Solution
The reason this is happening is that the Atlassian . Why the SAML Single Sign On plugin does not perform the authentication process ?
Solution
The WebSudo component does not use the SAML SSO Plugin for authentication. If you run into this error then you You essentially have three options:
...
two options.
- Disable WebSudo: https://confluence.atlassian.com/jira/configuring-secure-administrator-sessions-231343939.html#ConfiguringSecureAdministratorSessions-DisablingSecureAdministratorSessions
- Use local Admin Users, with a local password in the Jira/Confluence Database
A little more background:
- You login to Confluence/Jira via SSO so entering your Username & Password at the IdP (if you weren’t already authenticated there)
- Once you want to become admin, WebSudo would send you to the IdP for authentication
- The IdP sees you are already authenticated and sends you back to Jira/Confluence as AUTHENTICATED, WITHOUT asking you for the password again.
- Here you go you are in the admin section.
Related articles
Filter by label (Content by label) | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...