This page last changed on Jul 25, 2011 by smaddox.

This page introduces the concepts and components of user management in Confluence.

The components of user management are:

  • Authentication: Determining which user identity is making a request to Confluence.
  • User management: Storing and retrieving core information about users.
  • Group membership: Storing and retrieving groups, and group membership.
  • Profile information: Providing metadata associated with users.

It is important to understand that these are separate components of the user management system. When referring to 'LDAP integration', remember that you could use an LDAP directory for any or all of the above tasks.

Authentication

Seraph

Almost all authentication in Confluence (and JIRA) is performed through Seraph, Atlassian's open source web authentication framework. The goal of Seraph is to provide a simple, extensible authentication system that we can use on any application server.

Seraph is implemented as a servlet filter. Its sole job is, given a web request, to associate that request with a particular user (or no user if the request is anonymous). It supports several methods of authentication, including HTTP Basic Authentication, form-based authentication, and looking up credentials already stored in the user's session.

Seraph itself performs no user management functions. It merely checks the credentials of the incoming request and delegates any user management functions (looking up a user, checking that a user's password is correct) to Confluence's user management system.

To integrate Confluence with your own single sign-on (SSO) infrastructure, install Atlassian Crowd or write a custom Seraph authenticator.

XML-RPC and SOAP Authentication

Normally, requests for Confluence's remote API will include an authentication token as the first argument. With this method of authentication, XML-RPC and SOAP authentication requests are checked directly against the user management framework, and tokens are assigned directly by the remote API subsystem. These requests do not pass through Seraph authenticators.

However, if the token argument is blank, Seraph will be used as a fallback authentication method for remote API requests. So, to use a custom Seraph authenticator with XML-RPC or SOAP requests, ensure that you pass an empty string as the authentication token to remote API methods.
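The following is an added example, not code from the Confluence documentation. It builds an XML-RPC request with the token as the first argument and classifies which component would authenticate it according to the rule above. The method name confluence1.getSpaces, the sample credentials and the helper names are assumptions chosen for illustration; nothing is sent over the network.

```python
import base64
import xmlrpc.client


def build_remote_call(method, args=(), token="", basic_auth=None):
    """Return (headers, body) for a Confluence XML-RPC call.

    token      -- remote API token, always the first argument; "" means
                  "no token", so Confluence falls back to Seraph.
    basic_auth -- optional (username, password) sent as HTTP Basic, one of
                  the methods Seraph supports. Send it over TLS only.
    """
    body = xmlrpc.client.dumps((token, *args), methodname=method)
    headers = {"Content-Type": "text/xml"}
    if basic_auth is not None:
        raw = "{}:{}".format(*basic_auth).encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode("ascii")
    return headers, body.encode("utf-8")


def auth_path(body):
    """Say which component authenticates this request, per the text above."""
    params, _method = xmlrpc.client.loads(body)
    if not params or not isinstance(params[0], str):
        raise ValueError("first argument must be the token string")
    # Blank token: request is handed to the Seraph authenticator chain.
    # Non-blank token: checked by the remote API subsystem, Seraph is bypassed.
    return "seraph" if params[0] == "" else "remote-api-token"


if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    for tok, creds in (("", ("alice", "s3cret")), ("constructed-token", None)):
        headers, body = build_remote_call("confluence1.getSpaces", token=tok,
                                          basic_auth=creds)
        print(repr(tok), "->", auth_path(body), sorted(headers))
```

A custom Seraph authenticator, and any controls built into it, only sees the first kind of request; calls that carry a non-blank token never reach it.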

Password Authentication and User Management

By default, password authentication is delegated from Seraph to the user management system. This is not necessary, however. Single sign-on systems may have no password authentication at all, and get all the necessary credentials from the SSO provider.

Confluence User Management Framework

User Management via the Confluence Administration Console

Configuring User Directories

A user directory is a place where you store information about users and groups. User information includes the person's full name, username, password, email address and other personal information. Group information includes the name of the group, the users that belong to the group, and possibly groups that belong to other groups.

The internal directory stores user and group information in the Confluence database. You can also connect to external user directories, and to Atlassian Crowd and JIRA as directory managers. You can configure multiple directories. For example, Confluence can draw user information from both the database and an LDAP server.

See Configuring User Directories.

Managing Users and Groups

You can add users and groups, add members to groups, and add profile information to each user. See Confluence User Management.

If you have connected Confluence to more than one user directory, you need to define the directory order. Here is a summary of how the directory order affects the processing:

  • The order of the directories is the order in which they will be searched for users and groups.
  • Changes to users and groups will be made only in the first directory where the application has permission to make changes.

See Managing Multiple Directories.
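The following is an added example, not Confluence code. It models the two ordering rules above so that an administrator can review a planned directory order before applying it: which directory answers a lookup, where changes land, and which usernames exist in more than one directory. The directory names and users are constructed, and the model assumes that the first directory containing a username is the one used.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    name: str
    writable: bool                      # application may make changes here
    users: set = field(default_factory=set)


def resolve_user(directories, username):
    """Directories are searched in order; return the first one holding the user."""
    for d in directories:
        if username in d.users:
            return d.name
    return None


def write_target(directories):
    """Changes are made only in the first directory the application may modify."""
    for d in directories:
        if d.writable:
            return d.name
    return None


def shadowed_accounts(directories):
    """Usernames present in several directories: {user: (winner, [shadowed])}."""
    seen = {}
    for d in directories:
        for user in d.users:
            seen.setdefault(user, []).append(d.name)
    return {u: (names[0], names[1:]) for u, names in seen.items() if len(names) > 1}


# Constructed sample configuration, listed in search order.
ORDER = [
    Directory("Corporate LDAP", writable=False, users={"alice", "bob"}),
    Directory("Confluence Internal", writable=True, users={"admin", "bob"}),
]

if __name__ == "__main__":
    print("bob resolves in:", resolve_user(ORDER, "bob"))
    print("changes land in:", write_target(ORDER))
    print("shadowed:", shadowed_accounts(ORDER))
```

In this sample, "bob" is answered by the read-only LDAP directory while any change is written to the internal directory, so an edit to the internal "bob" account would not affect the account that is actually found first.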

Information about Earlier User Management Frameworks

Atlassian-User – Now Behind the Scenes

Atlassian-User is a user and group management framework developed by Atlassian. It provides user, group and profile management services to Confluence. In earlier versions of Confluence, you needed to configure your user directories by editing the atlassian-user.xml file directly. In Confluence 3.5 and later this is no longer necessary, nor is it possible. Please refer to the documentation for Confluence 3.4 or earlier if you need details of this framework.

Refer to the Confluence 3.5 Upgrade Notes for details of the automatic migration that will occur during the upgrade process.

OSUser – Obsolete

OpenSymphony User was Confluence's core user management framework before Atlassian-User. Please refer to the documentation for Confluence 3.4 or earlier if you need details of this framework.

RELATED TOPICS

HTTP authentication with Seraph
User Management

Document generated by Confluence on Sep 19, 2011 02:42