Confluence Docs 2.10 : HTTP authentication with Seraph
This page last changed on May 06, 2007 by don.willis@atlassian.com.
Introduction
This document describes how the default security system in Confluence works, using the Seraph library for HTTP authentication. Extending the security system by subclassing Seraph's authenticator and configuring the seraph-config.xml file is outside the scope of this document. See Single Sign-on Integration with JIRA and Confluence.

Flowchart diagrams
The easiest way to understand Confluence's authentication process is with the following diagrams. Because the Authenticator.login(request, response, username, password, rememberMe) method occurs three times, and is slightly complex, it has been broken into its own sub-flowchart.

Supported authentication methods
The default Seraph authenticator supports four methods of authentication, as can be seen in the flowchart:
Each method is tried in the order above. Once a login succeeds at an earlier method, the later methods are not checked. Failure at one method means continuing with the later methods until all are exhausted. If every method fails, the user is considered an anonymous user, and treated according to the permissions of an anonymous user in Confluence.

Looking through the source code will show that Seraph supports role-based authentication, but this is only used in Confluence for the /admin/ URL restriction.

Related pages
Understanding User Management in Confluence
Document generated by Confluence on Dec 03, 2008 15:13