症状

Certain people cannot log in to Confluence via Siteminder. An exception in the log is thrown along these lines:

com.atlassian.user.impl.DuplicateEntityException: User [username] already exists in: Hibernate Repository

原因

Siteminder uses an internal password to log a user into Confluence using the API. When a user resets their password using "Change my password" or "Forgot Password" from Confluence, Confluence will reset the internal password to be different from the Siteminder password.

According to SiteMinder Custom Seraph Authenticator for Confluence:

Once a user has logged into Siteminder, when they access Confluence, the custom authenticator will extract their Siteminder credentials and then ( i ) try and log the user in, and if that fails, (ii) create a new user using the Siteminder credentials.

if (login(request, response, username, password, false) == true)

UserAccessor userAccessor = (UserAccessor) bucket.container
.ContainerManager.getInstance().getContainerContext().getComponent("userAccessor");
String[] defaultGroup={"confluence-users"};
User newUser = userAccessor.addUser(username, password, email, fullname, defaultGroup);

If Siteminder authentication to Confluence fails (due to the user changing the Confluence password manually), then Siteminder assumes (in this case, incorrectly) that this user has never logged into Confluence. It then tries to add the user to Confluence, to which Confluence throws a duplicate user exception: This user already exists.

ソリューション

Log into Confluence as a Confluence Administrator. Use the Manage Users interface to reset the user's password back to the Siteminder password and clear the caches using the Caching Statistics interface.