Auto-login and local users

Hi Anael,

I believe it depends on the order of the user directories in confluence. If the internal directory is on the first position, then even if the LDAP crashes, you can still login with the internal admin. However if the LDAP is on the first position, the instance will fail with the sync and the subsequent logins won't work.

Regards,

Rodrigo

Hi Anael,

Yes, it is possible to login with admin rights even if your AD server is down.

In this case you would login as a internal administrator, which is stored in the Confluence Internal Directory. Of course, this directory must be enabled for this to work. We don't suggest you disable the Internal directory.

You can identify and recover the password for the local administrator following the instructions from this article.

Regards,
LM

Where does SSO authenticator take headers from i.e. who actually authenticates the user?

Hum could be a good idea, I did not think about multiple connectors in tomcat. I will try that

All the SSO configuration is in tomcat. I have a apache proxy in front to have a better looking URL (no port 8090).

Re: separate entry/separate port - I meant separate Connector element on a different port

So, SSO happens before Confluence (probably in front-facing Apache?). This is where a "bypass" needs to be configured and the questions about "AD being offline" are to that authenticator, not Confluence e.g. if AD is offline, will the SSO authenticator fail completely or let your through to the Confluence login page (where the local admin should work in this situation) In this kind of setup Apache is playing a "reverse proxy" and the location being proxied is configured to do something to perform SSO. You probably need to setup another location in Apache _without SSO_ proxying the same Confluence instance. Confluence may require a separate entry (and a separate port) in server.xml with correct proxy details.

I could use a workaround with a script when an issue occrurs :
Replace the configuration with the SSO-config to be able to login on the wiki.

After the problem is solved : another script to set the SSO-config back in place.

I am using Confluence HTTP Authenticator (and no budget for shinnny paid SSO solutions, unfortunately).

Thanks Luiz,

I have the internal directory enabled and I have set a dummy admin account and set its password.

I have tried to login using that admin account, but no luck  unable to login. If I delete the LDAP config I can login with that admin user so the account seems properly set.

Should I use any directory-prefix when I try to login with a local account?   (like   Internal\dummyAdmin)

It all depends on what solution you are using for SSO - can you share more details? Some SSO solutions (like our EasySSO) provide means to skip SSO via a special URL and revert to regular application (Confluence) login page. You ability to login with an account then depends on how the application is configured - if the account is local then it should be possible. Re: user cache - please elaborate what cache is meant and where.