User unable to login to application without membership in a specific group when SSO is enabled
When SSO is enabled, newly created users are unable to login to application without membership in a specific group.
For example, Confluence and JIRA are connected to Crowd as the user directory, with SSO. In this situation:
- A new User A is created in Crowd
- User A is assigned membership in the confluence-users group in Crowd
- Authentication tests for the user in the Confluence application in Crowd are successful
- Synchronizing the Crowd user directory to Confluence is successful
- User is unable to login to Confluence with the following error:
- Users are able to log in to the application once they are provided membership in the jira-users group.
The information in the
crowd.properties configuration file inside the affected application is incorrect. In this example, the issue is caused by the
crowd.properties file in Confluence, which uses the application information and credentials that connect to the JIRA application. Therefore, when SSO is enabled, Confluence will attempt to connect to the JIRA application during authentication. If the user does not have the group with the use permission in JIRA (here, jira-users), they will not be able to log in to Confluence.
crowd.propertiesand ensure that the information matches the application information as configured in Crowd. See this documentation for information on how to configure SSO.