Confluence 4.0 : Understanding User Management in Confluence
This page last changed on Jul 25, 2011 by smaddox.
Authentication

Seraph

Almost all authentication in Confluence (and JIRA) is performed through Seraph, Atlassian's open source web authentication framework. The goal of Seraph is to provide a simple, extensible authentication system that we can use on any application server.

Seraph is implemented as a servlet filter. Its sole job is, given a web request, to associate that request with a particular user (or no user if the request is anonymous). It supports several methods of authentication, including HTTP Basic Authentication, form-based authentication, and looking up credentials already stored in the user's session.

Seraph itself performs no user management functions. It merely checks the credentials of the incoming request and delegates any user management functions (looking up a user, checking that a user's password is correct) to Confluence's user management system.

If you were looking to integrate Confluence with your own single sign-on (SSO) infrastructure, you would do so by installing Atlassian Crowd or by writing a custom Seraph authenticator.

XML-RPC and SOAP Authentication

Normally, requests for Confluence's remote API will include an authentication token as the first argument. With this method of authentication, XML-RPC and SOAP authentication requests are checked directly against the user management framework, and tokens are assigned directly by the remote API subsystem. These requests do not pass through Seraph authenticators.

However, if the token argument is blank, Seraph will be used as a fallback authentication method for remote API requests. So, to use a custom Seraph authenticator with XML-RPC or SOAP requests, ensure that you pass an empty string as the authentication token to remote API methods.

Password Authentication and User Management

By default, password authentication is delegated from Seraph to the user management system. This is not necessary, however. Single sign-on systems may have no password authentication at all, and get all the necessary credentials from the SSO provider.

Confluence User Management Framework

User Management via the Confluence Administration Console

Configuring User Directories

A user directory is a place where you store information about users and groups. User information includes the person's full name, username, password, email address and other personal information. Group information includes the name of the group, the users that belong to the group, and possibly groups that belong to other groups.

The internal directory stores user and group information in the Confluence database. You can also connect to external user directories, and to Atlassian Crowd and JIRA as directory managers.

You can configure multiple directories. For example, Confluence can draw user information from both the database and an LDAP server. See Configuring User Directories.

Managing Users and Groups

You can add users and groups, add members to groups, and add profile information to each user. See Confluence User Management.

If you have connected Confluence to more than one user directory, you need to define the directory order. Here is a summary of how the directory order affects the processing:
See Managing Multiple Directories.

Information about Earlier User Management Frameworks

Atlassian-User – Now Behind the Scenes

Atlassian-User is a user and group management framework developed by Atlassian. It provides user, group and profile management services to Confluence.

In earlier versions of Confluence, you needed to configure your user directories by editing the Refer to the Confluence 3.5 Upgrade Notes for details of the automatic migration that will occur during the upgrade process.

OSUser – Obsolete

OpenSymphony User was Confluence's core user management framework before Atlassian-User. Please refer to the documentation for Confluence 3.4 or earlier, if you need details of this framework.
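
The token rule described under "XML-RPC and SOAP Authentication", as an added Python example that is not part of the original page or Atlassian's code: it builds, without sending, the two request forms and reports which authentication path each would take. The endpoint URL, the method name, the token and the credentials are constructed assumptions, as is a Seraph authenticator that accepts HTTP Basic credentials.

```python
import base64
import urllib.request
import xmlrpc.client

# Assumptions, not from the original page: endpoint URL and method name.
ENDPOINT = "https://confluence.example.com/rpc/xmlrpc"
METHOD = "confluence1.getServerInfo"


def build_request(token, *args, basic_auth=None):
    """Build, without sending, a remote API call whose first argument is the token."""
    body = xmlrpc.client.dumps((token, *args), methodname=METHOD).encode("utf-8")
    req = urllib.request.Request(ENDPOINT, data=body,
                                 headers={"Content-Type": "text/xml"})
    if basic_auth is not None:
        # Assumption: the Seraph authenticator in use accepts HTTP Basic credentials.
        user, password = basic_auth
        cred = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
        req.add_header("Authorization", "Basic " + cred)
    return req


def auth_path(body):
    """Name the authentication path the page describes for a request body."""
    params, _method = xmlrpc.client.loads(body)
    if not params or not isinstance(params[0], str):
        return "unknown"            # case not described on the page
    if params[0] == "":
        return "seraph-fallback"    # blank token: Seraph authenticators run
    return "remote-api-token"       # checked by user management, Seraph bypassed


if __name__ == "__main__":
    # Constructed sample values.
    with_token = build_request("constructed-token-123")
    via_seraph = build_request("", basic_auth=("alice", "constructed-password"))
    for req in (with_token, via_seraph):
        print(auth_path(req.data), bool(req.get_header("Authorization")))
```

Running `auth_path` over captured request bodies shows which remote API clients authenticate without passing through a custom Seraph authenticator.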
Document generated by Confluence on Sep 19, 2011 02:42