Basic HTTP Authentication not working for REST calls

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When performing a REST call to Confluence, even though the correct user credentials are provided for basic authentication, the response is the same as if the user didn't have permission to access the requested content.

Environment

  • Confluence Server

  • Integration with third-party SSO apps (not using Crowd SSO or SSO 2.0 from Confluence DC)

  • Customization applied to the file <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml

Diagnosis

When performing a simple REST call to get the currently logged-in user, you are presented with an "anonymous" result:

    $ curl -u user:password -H "X-Atlassian-Token: no-check" --request GET http://<CONFLUENCE_URL>:<CONFLUENCE_PORT>/<CONTEXT_PATH>/rest/api/user/current
    {"type":"anonymous","profilePicture":{"path":"/s/tctn9a/8401/c8e689b733d823db3be6f6ba15b91b9c98719cfa/_/images/icons/profilepics/anonymous.svg","width":48,"height":48,"isDefault":true},"displayName":"Anonymous","_links":{"base":"http://<CONFLUENCE_URL>:<CONFLUENCE_PORT>/<CONTEXT_PATH>","context":"<CONTEXT_PATH>"}}

Simple REST calls, such as retrieving content from Confluence, also return a 404 error:

    $ curl -u user:password -H "X-Atlassian-Token: no-check" --request GET 'http://<CONFLUENCE_URL>:<CONFLUENCE_PORT>/<CONTEXT_PATH>/rest/api/content?spaceKey=KEY'
    {"statusCode":404,"data":{"authorized":false,"valid":true,"allowedInReadOnlyMode":true,"errors":[],"successful":false},"message":"No space with key : KEY","reason":"Not Found"}

Cause

The file seraph-config.xml contains the core configuration of the Seraph authentication framework.

A customization of this file affects how Confluence authenticates its users and could be responsible for this behavior.

Solution

  1. Back up the existing seraph-config.xml file, so you won't lose any modification applied to it

    1. You can rename the file, using:

      $ mv seraph-config.xml seraph-config.xml_customized
  2. Download a Confluence standalone file - same version you're using - from Confluence Server Download Archives

  3. Stop Confluence

  4. Copy the original seraph-config.xml from the recently downloaded Confluence into your existing installation, replacing the modified seraph-config.xml

  5. Start Confluence

Contact the vendor of the SSO app to understand how the modifications to seraph-config.xml should be applied to work with REST calls.

  • You can compare the customized seraph-config.xml with the original one to understand which modifications caused the issue by using a simple diff command:

    $ diff seraph-config.xml_customized seraph-config.xml
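
A plain diff also reports whitespace and comment changes. The following added example (not Atlassian's or the SSO vendor's code) compares only the settings in the two files: init-param values and the class attributes of elements such as the authenticator. It assumes the usual Seraph layout of a security-config root with init-param entries; both XML samples are constructed for illustration and the SSO class name and URL are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not real Confluence files; the SSO class and URL are hypothetical.
STOCK = """<security-config>
  <parameters>
    <init-param><param-name>login.url</param-name><param-value>/login.action</param-value></init-param>
    <init-param><param-name>logout.url</param-name><param-value>/logout.action</param-value></init-param>
  </parameters>
  <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
</security-config>"""

CUSTOMIZED = """<security-config>
  <!-- edited for SSO: comments and whitespace do not count as changes -->
  <parameters>
    <init-param><param-name>login.url</param-name><param-value>https://sso.example.com/login</param-value></init-param>
    <init-param><param-name>logout.url</param-name><param-value>/logout.action</param-value></init-param>
  </parameters>
  <authenticator class="com.example.sso.ExampleSsoAuthenticator"/>
</security-config>"""

def settings(xml_text):
    """Flatten a seraph-config.xml document into {setting path: value}."""
    out = {}
    def walk(el, path):
        if el.tag == "init-param":
            name = (el.findtext("param-name") or "").strip()
            out[f"{path}/init-param[{name}]"] = (el.findtext("param-value") or "").strip()
            return
        here = f"{path}/{el.tag}"
        cls = el.get("class")
        if cls:
            # Several siblings (e.g. interceptors) may share a tag, so keep a list.
            out.setdefault(f"{here}@class", []).append(cls)
            here = f"{here}[{cls}]"  # keeps nested init-params of different classes apart
        for child in el:
            walk(child, here)
    walk(ET.fromstring(xml_text), "")
    return out

def compare(stock_xml, custom_xml):
    """Return {setting: (stock value, customized value)} for every difference."""
    a, b = settings(stock_xml), settings(custom_xml)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (stock, custom) in compare(STOCK, CUSTOMIZED).items():
        print(f"{key}\n  stock:      {stock}\n  customized: {custom}")
```

To run it against your installation, pass the contents of seraph-config.xml (from the downloaded archive) and seraph-config.xml_customized to compare().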

Updated on February 26, 2025
