Confluence – LDAP (Read Only) with Oauth – Login for new users not possible.
-
# 3 years, 2 months ago
Hi there,
we have just set up LDAP as our primary (read only) user directory in jira and confluence and are planning on enabeling miniorange oauth as our primary login method.
While logging in via miniOrange SSO users then should automatically be assigned the default “jira-/confluence-Users” group and be granted application access trough this.
We were able to set this up in Jira with little to no problems but our confluence instance seems to have a mind on its own – even though all oauth settings are equal on both systems.
When a new user (which by default has no groups/application access but is already synced into the directory via LDAP as “deactived”) tries to login into confluence via SSO, he gets the message “We couldnt sign you in. Please contact your Admin” and is not assigned to any groups.
For testing purposes we have removed the confluence-users group from a user which was already logged in to the system before. We also verified with a LDAP-user which was never logged into the system before – same result – login not possible, no group assigned.We have already checked the forum but the only thing we could find so far was this article which unfortunately doesnt bring us any further.
We have also enabled OAuth Debug Logs which give us the following confusing lines of info:
2021-07-28 17:46:37,126 DEBUG [http-nio-8090-exec-10 url: /plugins/servlet/oauth/callback] [oauth.confluence.servlet.MoOAuthCallbackServlet] authoriseAndRedirect username : USER1
2021-07-28 17:46:37,126 INFO [http-nio-8090-exec-10 url: /plugins/servlet/oauth/callback] [oauth.confluence.servlet.MoOAuthCallbackServlet] authoriseAndRedirect Login using UserName…
2021-07-28 17:46:37,127 DEBUG [http-nio-8090-exec-10 url: /plugins/servlet/oauth/callback] [oauth.confluence.servlet.MoOAuthCallbackServlet] authoriseAndRedirect email : User1@example.com
2021-07-28 17:46:37,127 DEBUG [http-nio-8090-exec-10 url: /plugins/servlet/oauth/callback] [oauth.confluence.servlet.MoOAuthCallbackServlet] authoriseAndRedirect userName : USER1
2021-07-28 17:46:37,128 DEBUG [http-nio-8090-exec-10 url: /plugins/servlet/oauth/callback] [oauth.confluence.servlet.MoOAuthCallbackServlet] authoriseAndRedirect User exists.USER1
2021-07-28 17:46:37,130 ERROR [http-nio-8090-exec-10 url: /plugins/servlet/oauth/callback] [oauth.confluence.servlet.MoOAuthCallbackServlet] authoriseAndRedirect Confluence user not found and user new creating is disabled. Redirecting to the Error Page.Does anybody have a clue on what our problem might be?
Any kind of help would be greatly appreciated.Thanks in advance 🙂
# 3 years, 2 months agoHi there,
Welcome to the miniOrange forum.
Looking at the logs, it seems the plugin is unable to identify the SSO user, and as a result, it is unable to assign any groups and create a user session. This problem usually occurs when the username and email mapping in the “User Profile” tab is wrong.
To fix this issue, please follow the steps below.
1. Navigate to the “Configure OAuth” Tab and click on the “Test Configuration” button. You will see all the user information here.
2. Keep the Test Configuration window open and navigate to the “User Profile” tab of the plugin.
3. Copy the Attribute name that contains the Confluence username and email of the user and map that attribute with the respective username and email field. In case if you do not find the Confluence username then select the “Login/Create User Account by” option to “Email”.In case if you still face this issue, please raise a Support request to miniOrange Helpdesk and the technical team will help you out with the configuration. You can raise a support request from the link below.
https://miniorange.atlassian.net/servicedesk/customer/portal/2
You must be logged in to reply to this topic.