Confluence protects access to its administrative functions by requiring a secure administration session to use the Confluence administration console or administer a space. When a Confluence administrator (who is logged into Confluence) attempts to access an administration function, they are prompted to log in again. This logs the administrator into a temporary secure session that grants access to the Confluence/space administration console.

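The temporary secure session has a rolling timeout (the default is 10 minutes). If the administrator performs no activity in the Confluence or space administration console for a period that exceeds the timeout, they are logged out of the secure administrator session (but remain logged into Confluence). Whenever the administrator clicks an administration function, the timeout is reset.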
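The rolling timeout described above, as an added model in Python (not Atlassian code and not part of the original page). The class and function names and the timeline are constructed for illustration; the model also covers the 'Enable' setting and the 'drop access' link described further down.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AdminSessionModel:
    timeout_min: float = 10      # default stated on this page
    enabled: bool = True         # 'Enable' checkbox for secure administrator sessions
    logged_in: bool = True       # ordinary Confluence login (never changed below)
    last_admin_activity: Optional[float] = None   # minute; None = no secure session

    def confirm_password(self, now: float) -> None:
        """Administrator re-enters the password at the 'Administrator Access' prompt."""
        self.last_admin_activity = now

    def drop_access(self) -> None:
        """Manual end of the secure session; the ordinary login is untouched."""
        self.last_admin_activity = None

    def admin_request(self, now: float) -> bool:
        """True if the admin function is served, False if a password prompt is due."""
        if not self.logged_in:
            return False
        if not self.enabled:
            return True          # feature disabled: no second prompt
        last = self.last_admin_activity
        if last is None or now - last > self.timeout_min:
            self.last_admin_activity = None   # idle longer than the timeout
            return False
        self.last_admin_activity = now        # rolling: each admin click resets the clock
        return True

def replay(events, **settings):
    """Replay (minute, action) pairs; return admin-request outcomes and login state."""
    session, outcomes = AdminSessionModel(**settings), []
    for minute, action in events:
        if action == "confirm":
            session.confirm_password(minute)
        elif action == "drop":
            session.drop_access()
        elif action == "admin":
            outcomes.append((minute, session.admin_request(minute)))
    return outcomes, session.logged_in

# Constructed timeline in minutes, not taken from a real instance.
TIMELINE = [(0, "admin"), (0, "confirm"), (8, "admin"), (17, "admin"),
            (28, "admin"), (28, "confirm"), (30, "drop"), (31, "admin")]

if __name__ == "__main__":
    print(replay(TIMELINE))
```

The request at minute 17 succeeds even though it is more than 10 minutes after the password confirmation, because the request at minute 8 reset the clock; the request at minute 28 follows 11 idle minutes and triggers a new prompt.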

To configure secure administrator sessions:

  1. Go to the Confluence 'Administration Console':

    • Choose Browse > Confluence Admin. The 'Administrator Access' login screen will be displayed.
    • Enter your password and click Confirm. You will be temporarily logged into a secure session to access the 'Administration Console'.
  2. Click 'Security Configuration' in the 'Security' section. The 'Edit Security Configuration' screen will be displayed.
  3. Click the 'Edit' link.
    • To disable secure administrator sessions (i.e. administrators will not be required to log into a secure session to access the administration console), uncheck the 'Enable' checkbox next to 'Secure administrator sessions'.
    • To change the timeout for secure administrator sessions, update the value in the textbox next to 'minutes before invalidation'. The default timeout for a secure administration session is 10 minutes.
  4. Click the 'Save' button.


Screenshot above: Configuring secure administrator sessions

Notes

  • Disabling password confirmation. Confluence installations that use a custom authentication mechanism may run into problems with the Confluence security measure that requires password confirmation. If necessary, you can set the password.confirmation.disabled system property to disable the password confirmation functionality. See Recognised System Properties. See issue CONF-20958 "Confluence features that require password confirmation (websudo, captcha) do not work with custom authentication".
  • WebSudo. The feature that provides secure administrator sessions is also known as 'WebSudo'.
  • Manually ending a secure session. An administrator can choose to manually end their secure session by clicking the 'drop access' link in the banner displayed at the top of their screen.
  • Note for developers. Secure administrator sessions can cause exceptions when developing against Confluence or deploying a plugin. Please read this FAQ: How do I develop against Confluence with Secure Administrator Sessions? Note: The Confluence XML-RPC and REST APIs are not affected by secure administration sessions.