Confluence Authentication Issues
Note
Refer to Confluence Authentication to learn about supported authentication methods.What does a Successful Authentication look like?
To authenticate with Confluence using cookie-based authentication, WikiTraccs opens a browser window to let you log in.
Once you are logged in the browser window should close within about 30 seconds. This is normal behavior, indicating successful authentication.
Note
If no browser window opens at all then we need to go a step back. Internet connectivity issues might prevent WikiTraccs from getting everything it needs to even show the browser window. Refer to the Connectivity Issues article on how to work around those issues.WikiTraccs shows a success message if all authentication cookies could be retrieved. You can stop reading in this case.
If the browser window stays open for a long time after authenticating with Confluence then WikiTraccs is not able to detect your login, for whatever reason. In this case proceed with the troubleshooting sections below.
General Troubleshooting
First, close any open WikiTraccs window and re-start WikiTraccs. Sometimes this resolves issues with authentication. Also close any browser windows that WikiTraccs opened and that is still open.
If re-starting WikiTraccs doesn’t help check if you need additional or different authentication cookies for Confluence. Those can be configured in the advanced authentication configuration dialog. If you are using SSO solutions like Shibboleth you’ll most likely need additional cookies.
Or maybe the Confluence login timed out. WikiTraccs waits for some time for the authentication cookies to appear before giving up. Try to not take too much time for logging in as this might run into a timeout.
Workarounds
If the steps outlined in the previous section didn’t help then something is not right. WikiTraccs might have encountered a yet unsupported configuration of either Confluence or the system it is running on.
WikiTraccs has built-in ways to troubleshoot this. Try the steps outlined in the following sections.
1. Disable Context Path Check for Cookies
WikiTraccs makes assumptions about how the context path of Confluence and cookie data relates. Let’s disable those assumptions.
In appsettings.json
, add the following setting:
{
"CustomSettings": {
"Debug": {
"SkipConfluenceContextPathCookiePathMatching": true
}
}
}
If appsettings.json
does not yet exist, create it and copy above snippet to the file.
If appsettings.json
already exists, find the Debug
section and add the SkipConfluenceContextPathCookiePathMatching
property. Create the Debug
section if necessary.
Re-start WikiTraccs and check if authentication now is possible.
If authentication still cannot be detected, proceed with the next section.
2. Provide Cookies manually
WikiTraccs just needs authentication cookie values and does not really care where they come from.
Let’s provide them manually via a text file.
We need to:
- copy cookies from the browser to
cookies.txt
- copy the user ID to
appsettings.json
Open Chrome (or Edge), navigate to Confluence and log in.
Still in the browser, press F12 to open the developer tools, and choose the Application tab.
Under Cookies, select the Confluence domain. A panel on the right side should show cookies.
Check that JSESSIONID is among those cookies. Unless the cookie name has been changed via server configuration. In this case check the configured name.
In the cookie panel, select all rows with the mouse and copy them to the clipboard.
Create a new file cookies.txt
in either the WikiTraccs.GUI or WikiTraccs.Console folder (depending on what your are running). Have cookies.txt
open in a text editor.
Paste the cookie values from the clipboard to the open text editor and save cookies.txt
.
Here’s an animated GIF showing above steps:
Confluence Cloud: Beware of Truncated Cookies
In Confluence Cloud, the value of the tenant.session.token
cookie can get so long that it gets truncated, which is indicated by three dots at the end of the value as seen in cookies.txt
:
If that is the case (usually starting at around 1000 characters), you need to also copy the single tenant.session.token
cookie value manually to cookies.txt, so that it is not truncated anymore.
Confluence Cloud: Beware of Changing JSESSIONID Cookie
The value of theJSESSIONID
cookies keeps changing every couple of seconds. If you need to manually copy the tenant.session.token
cookie value, make sure that the JSESSIONID
cookie did not change in the meantime. Those two belong together.Now go back to the browser. The developer tools should still be open.
Choose the Elements tab, expand the HTML head
element and search for one of the following entries:
ajs-remote-user-key
for Confluence on-prem (both Server and Data Center)ajs-atlassian-account-id
for Confluence Cloud
The ajs-remote-user-key content value (sample).
Put the ajs-remote-user-key
content (on-prem) or ajs-atlassian-account-id
content (Cloud) value to appsettings.json
.
Here’s how it looks for Confluence on-prem:
{
"CustomSettings": {
"Debug": {
"AjsRemoteUserKey": "8a848084865dd3b801865dd4dc420000"
}
}
}
Here’s how it looks for Confluence Cloud:
{
"CustomSettings": {
"Debug": {
"AjsRemoteAccountId": "8a848084865dd3b801865dd4dc420000"
}
}
}
Note the name difference in above snippets: AjsRemoteUserKey (on-prem) vs. AjsRemoteAccountId (Cloud)
Anonymous authentication
If you are configuring this for a Confluence instance that can be accessed anonymously, and you want to migrate in anonymous mode, you must set the AjsRemoteUserKey/AjsRemoteAccountId to this exact value:
00000000000000000000000000000001
cookies.txt
and the appsettings.json
configuration in place, restart WikiTraccs and retry starting a migration.WikiTraccs now checks if cookies.txt
exists and uses the cookie values instead of starting an interative browser login session. This should succeed.
Note
Right after having been started, WikiTraccs reports when it finds cookies.txt
and the appsettings.json
value:
Please get in touch if this still doesn’t work.
How to log out of Confluence?
When you log in to Confluence you can choose the Remember me option to stay logged in. This is very convenient during a migration since you are always logged in to Confluence without having to reenter your credentials.
But how to log out?
The solution is to delete the browser profile of the Chrome browser that WikiTraccs uses to log in to Confluence. The browser profile is stored in a temporary location, which by default is the Temp folder for your Windows user:
C:\Users\<username>\AppData\Local\Temp\<host-name-of-confluence>
- <username> is your Windows user profile name
- <host-name-of-confluence> resembles the host part of the Confluence base address, like confluence.contoso.com
Delete the whole <host-name-of-confluence> folder and you should be asked to log in again when starting your next migration. This will also recreate the folder.
Cannot find the folder? Have a look here on more information about this temporary folder and where you might find it: File Storage - Temporary Files