I am working on a custom authentication solution for our Atlassian installation. I have modified the login.url and the link.login.url init-params in the seraph-config.xml to point to our authentication service. After the user has authenticated to our external system, I am unable to add the user (Principal) to the session in a way that Confluence recognizes that the user is authenticated. This causes a loop between Confluence and the authentication system resulting in a redirect loop error message in the browser.

I am using the Atlassian refapp for my plugin because I would like to apply this plugin to Jira, Confluence, Stash and Bamboo. After successfully logging in via the custom authentication solution and looking up the user in the UserProfile privded by the Atlassian UserManager:

UserProfile userProfile = userManager.getUserProfile(uid);

final String jiraUsername = userProfile.getUsername();

I attempt to add the user (Principal) to the session with the following code:

request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_IN_KEY, principal);

request.getSession().setAttribute(ConfluenceAuthenticator.LOGGED_OUT_KEY, null);

Pretty much the same code works for Jira (using DefaultAuthenticator instead of ConfluenceAuthenticator). Is there something else I need to do to get Confluence to recognize the authenticated user?