confluence: xmlstarlet for Crowd SSO causing mangled seraph-config.xml?
I’m not sure if it is the mangled seraph-config.xml shown below or something else with the Crowd_enable_SSO flag, but there is something fishy going on.
I’m attempting to simulate an environment with all the Atlassian apps communicating with each other via a “composed” docker-compose, and I’ve ironed out most of the kinks (and will hopefully PR a few changes to your repos soon), but every time I enable Crowd authentication while Crowd SSO is also turned on for the Confluence container, it completely prevents logging in. There is a known issue with Crowd in Confluence preventing local logins from working, but this is actually preventing valid Crowd logins from working as well, and I end up having to tear down the instance and set it up again. I’ve also run into issues with the Jira container and Crowd SSO, so I’ve turned it off on those for now, though Bitbucket doesn’t seem to mind whether it is on or off.
<security-config
>
<parameters
>
<init-param
>
<param-name
>login.url</param-name
>
<param-value
>/login.action?os_destination=${originalurl}&permissionViolation=true</param-value
>
</init-param
>
<init-param
>
<param-name
>link.login.url</param-name
>
<param-value
>/login.action</param-value
>
</init-param
>
<init-param
>
<param-name
>cookie.encoding</param-name
>
<param-value
>cNf</param-value
>
</init-param
>
<init-param
>
<param-name
>login.cookie.key</param-name
>
<param-value
>seraph.confluence</param-value
>
</init-param
>
<!--only basic authentication available-->
<init-param
>
<param-name
>authentication.type</param-name
>
<param-value
>os_authType</param-value
>
</init-param
>
<!-- Invalidate session on login to prevent session fixation attack -->
<init-param
>
<param-name
>invalidate.session.on.login</param-name
>
<param-value
>true</param-value
>
</init-param
>
<!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
Currently it is empty (i.e. all attributes will be copied). -->
<init-param
>
<param-name
>invalidate.session.exclude.list</param-name
>
<param-value
/>
</init-param
>
</parameters
>
<rolemapper
class="com.atlassian.confluence.security.ConfluenceRoleMapper"
/>
<controller
class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"
/>
<!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
<!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
<!-- Authenticator with support for Crowd single-sign on (SSO). -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
<!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
<services
>
<service
class="com.atlassian.seraph.service.PathService"
>
<init-param
>
<param-name
>config.file</param-name
>
<param-value
>seraph-paths.xml</param-value
>
</init-param
>
</service
>
</services
>
<elevatedsecurityguard
class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"
/>
<authenticator
class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"
/></security-config
>
About this issue
- State: closed
- Created 6 years ago
- Comments: 17 (16 by maintainers)
Commits related to this issue
- #46 Set crowd.properties with env variables. — committed to teamatldocker/confluence by deleted user 6 years ago
- #46 Added missing environment variables for working config. — committed to teamatldocker/confluence by deleted user 6 years ago
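A check one could run on seraph-config.xml after an automated edit, as an added example that is not part of the original issue or of the teamatldocker project. It parses a constructed sample with the same line breaks inside tags as the file in the post (an XML parser treats them as ordinary whitespace) and reports the active authenticator class. The function names and the rule that exactly one authenticator should be active are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: shortened seraph-config.xml with the same line breaks inside
# tags as the file in the post; "&" is written as "&amp;" here.
SAMPLE = """<security-config
>
<parameters
>
<init-param
><param-name
>login.url</param-name
><param-value
>/login.action?os_destination=${originalurl}&amp;permissionViolation=true</param-value
></init-param
>
<init-param
><param-name
>invalidate.session.exclude.list</param-name
><param-value
/></init-param
>
</parameters
>
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
<authenticator
class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"
/></security-config
>
"""

def read_seraph_config(xml_text):
    """Return (init-params, active authenticator classes); ParseError if not well-formed."""
    root = ET.fromstring(xml_text)  # comments are dropped, so commented-out entries don't count
    params = {}
    for ip in root.findall("./parameters/init-param"):
        name = (ip.findtext("param-name") or "").strip()
        params[name] = (ip.findtext("param-value") or "").strip()
    return params, [a.get("class") for a in root.findall("authenticator")]

def findings(xml_text):
    """List problems worth checking after an automated edit (rules assumed by this example)."""
    try:
        _, active = read_seraph_config(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if len(active) != 1:
        return [f"expected exactly one active authenticator, found {len(active)}"]
    return []
```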