Confluence Shows Insecure Content Warnings

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Environment

  • Confluence running behind Apache

  • SSL enabled on Confluence

  • Confluence loads at https://...

Symptoms

  • Between login and Confluence dashboard, warning messages pop up

  • Confluence presents "insecure content" warnings to users even though Confluence is running over SSL

(Auto-migrated image: description temporarily unavailable)
(Auto-migrated image: description temporarily unavailable)

Diagnosis

Custom authentication is being used. Shibboleth, in this example.

Cause

There are missing configuration settings in the shib.conf file.

Solution

Resolution

  • Add ShibRedirectToSSL 443 configuration settings to shib.conf. Similar to:

    <Location /<context-path-here if necessary>> AuthType shibboleth ShibUseEnvironment On ShibUseHEaders On ShibRequestSetting requireSession 1 require shibboleth ShibRedirectToSSL 443 </Location>
Updated on May 22, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community