Confluence Authentication Issues

This article covers known authentication issues in Confluence and possible solutions.

Note

Refer to Confluence Authentication to learn about supported authentication methods.

What does a Successful Authentication look like?

To authenticate with Confluence using cookie-based authentication, WikiTraccs opens a browser window to let you log in.

Once you are logged in the browser window should close within about 30 seconds. This is normal behavior, indicating successful authentication.

Note

If no browser window opens at all then we need to go a step back. Internet connectivity issues might prevent WikiTraccs from getting everything it needs to even show the browser window. Refer to the Connectivity Issues article on how to work around those issues.

WikiTraccs shows a success message if all authentication cookies could be retrieved. You can stop reading in this case.

If the browser window stays open for a long time after authenticating with Confluence then WikiTraccs is not able to detect your login, for whatever reason. In this case proceed with the troubleshooting sections below.

General Troubleshooting

First, close any open WikiTraccs window and re-start WikiTraccs. Sometimes this resolves issues with authentication. Also close any browser windows that WikiTraccs opened and that is still open.

If re-starting WikiTraccs doesn’t help check if you need additional or different authentication cookies for Confluence. Those can be configured in the advanced authentication configuration dialog. If you are using SSO solutions like Shibboleth you’ll most likely need additional cookies.

Or maybe the Confluence login timed out. WikiTraccs waits for some time for the authentication cookies to appear before giving up. Try to not take too much time for logging in as this might run into a timeout.

Workarounds

If the steps outlined in the previous section didn’t help then something is not right. WikiTraccs might have encountered a yet unsupported configuration of either Confluence or the system it is running on.

WikiTraccs has built-in ways to troubleshoot this. Try the steps outlined in the following sections.

1. Disable Context Path Check for Cookies

WikiTraccs makes assumptions about how the context path of Confluence and cookie data relates. Let’s disable those assumptions.

In appsettings.json, add the following setting:

appsettings.json

Refer to Settings to learn about appsettings.json and where to put it.

{
    "CustomSettings": {
        "Debug": {
            "SkipConfluenceContextPathCookiePathMatching": true
        }
    }
}

If appsettings.json does not yet exist, create it and copy above snippet to the file.

If appsettings.json already exists, find the Debug section and add the SkipConfluenceContextPathCookiePathMatching property. Create the Debug section if necessary.

Re-start WikiTraccs and check if authentication now is possible.

If authentication still cannot be detected, proceed with the next section.

2. Provide Cookies manually

WikiTraccs just needs authentication cookie values and does not really care where they come from.

Let’s provide them manually via a text file.

We need to:

copy cookies from the browser to cookies.txt
copy the user ID to appsettings.json

Open Chrome (or Edge), navigate to Confluence and log in.

Still in the browser, press F12 to open the developer tools, and choose the Application tab.

Under Cookies, select the Confluence domain. A panel on the right side should show cookies.

Check that JSESSIONID is among those cookies. Unless the cookie name has been changed via server configuration. In this case check the configured name.

In the cookie panel, select all rows with the mouse and copy them to the clipboard.

Create a new file cookies.txt in either the WikiTraccs.GUI or WikiTraccs.Console folder (depending on what your are running). Have cookies.txt open in a text editor.

Paste the cookie values from the clipboard to the open text editor and save cookies.txt.

Here’s an animated GIF showing above steps:

Now go back to the browser. The developer tools should still be open.

Choose the Elements tab, expand the HTML head element and search for the ajs-remote-user-key entry:

The ajs-remote-user-key content value.

Put the ajs-remote-user-key content value to appsettings.json like this:

{
    "CustomSettings": {
        "Debug": {
            "AjsRemoteUserKey": "8a848084865dd3b801865dd4dc420000"
        }
    }
}

Anonymous authentication

If you are configuring this for a Confluence instance that can be accessed anonymously, and you want to migrate in anonymous mode, you must set the AjsRemoteUserKey to this exact value:

00000000000000000000000000000001

Having both cookies.txt and the appsettings.json configuration in place, restart WikiTraccs and retry starting a migration.

WikiTraccs now checks if cookies.txt exists and uses the cookie values instead of starting an interative browser login session. This should succeed.

Please get in touch if this still doesn’t work.

How to log out of Confluence?

When you log in to Confluence you can choose the Remember me option to stay logged in. This is very convenient during a migration since you are always logged in to Confluence without having to reenter your credentials.

But how to log out?

The solution is to delete the browser profile of the Chrome browser that WikiTraccs uses to log in to Confluence. The browser profile is stored in a temporary location, which by default is the Temp folder for your Windows user:

C:\Users\<username>\AppData\Local\Temp\<host-name-of-confluence>

<username> is your Windows user profile name
<host-name-of-confluence> resembles the host part of the Confluence base address, like confluence.contoso.com

Delete the whole <host-name-of-confluence> folder and you should be asked to log in again when starting your next migration. This will also recreate the folder.

Cannot find the folder? Have a look here on more information about this temporary folder and where you might find it: File Storage - Temporary Files

Last modified March 26, 2024