Confluence Fails to Start after Upgrade Due to 'Could not load security config 'seraph-config.xml'

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

Confluence, integrated with Crowd, fails to start after an upgrade to Confluence 3.4. The following errors appear in atlassian-confluence.log:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.atlassian.seraph.service.rememberme.DefaultRememberMeConfiguration]: Constructor threw exception; nested exception is java.lang.RuntimeException: Could not load security config 'seraph-config.xml': Exception configuring from 'seraph-config.xml : com.atlassian.seraph.config.ConfigurationException: Could not getRequest service: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor : java.lang.ClassNotFoundException: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor Caused by: java.lang.RuntimeException: Could not load security config 'seraph-config.xml': Exception configuring from 'seraph-config.xml : com.atlassian.seraph.config.ConfigurationException: Could not getRequest service: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor : java.lang.ClassNotFoundException: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor at com.atlassian.seraph.config.SecurityConfigFactory.loadInstance(SecurityConfigFactory.java:60) at com.atlassian.seraph.config.SecurityConfigFactory.getInstance(SecurityConfigFactory.java:21) at com.atlassian.seraph.service.rememberme.DefaultRememberMeConfiguration.<init>(DefaultRememberMeConfiguration.java:21) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) ... Caused by: com.atlassian.seraph.config.ConfigurationException: Exception configuring from 'seraph-config.xml : com.atlassian.seraph.config.ConfigurationException: Could not getRequest service: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor : java.lang.ClassNotFoundException: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor at com.atlassian.seraph.config.SecurityConfigImpl.<init>(SecurityConfigImpl.java:170) at com.atlassian.seraph.config.SecurityConfigFactory.loadInstance(SecurityConfigFactory.java:56) ... 74 more Caused by: com.atlassian.seraph.config.ConfigurationException: Could not getRequest service: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor : java.lang.ClassNotFoundException: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor at com.atlassian.seraph.config.SecurityConfigImpl.configureInterceptors(SecurityConfigImpl.java:368) at com.atlassian.seraph.config.SecurityConfigImpl.<init>(SecurityConfigImpl.java:163) ... 75 more Caused by: java.lang.ClassNotFoundException: com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1516) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1361) at com.opensymphony.util.ClassLoaderUtil.loadClass(ClassLoaderUtil.java:104) at com.atlassian.seraph.config.SecurityConfigImpl.configureInterceptors(SecurityConfigImpl.java:360) ... 76 more

Cause

The <<confluence_install>>/confluence/WEB-INF/classes/seraph-config.xml from the previous Confluence version is being used, which contains a deprecated interceptor:

1 2 3 4 <interceptors> <interceptor name="session-invalidator" class="com.atlassian.confluence.security.seraph.SessionInvalidatingLoginInterceptor"/> </interceptors>

Resolution

Ensure that seraph-config.xml from Confluence 3.4 is being used, together with the changes suggested in Custom SSOAuthenticators do not work after upgrading to Confluence 3.4 and above.

Updated on April 8, 2025
Platform
Data Center only
Products
Confluence Data Center
Crowd Data Center
On this pageSymptoms Cause Resolution

Still need help?

The Atlassian Community is here for you.
Ask the Community