Facing issue with Sphinx while connecting with SSO configured Confluence

[tapas-baranwal]

Hi Team,

I hope your day is going well.

We are facing issue with Sphinx confluence Builder. We are unable to establish connection between Confluence and Sphinx. We are using SSO in our Confluence for Login. Can you please help me how we can connect so that we use the Sphinx Confluence Builder?

Please see the attachment for error.

[jdknight]

• Since it appears you are using a Confluence Cloud instance, are you using an API token for your authentication (and not a password)? I'm not sure off hand if Cloud accepts user's account passwords anymore.
• Maybe try the connection troubleshooting tool?
• Is still experiencing issues, mind generating a report?

[tapas-baranwal]

Hi James,

We try to use API tokens also. But it still not working. Due to Single Sign On we can't use Username and Password.

[jdknight]

Support for SSO-configured environments do not always have a straightforward solution. It depends on the SSO provider used (third-party or custom-made) and other special conditions that may have been enforced by system administrators of the Confluence instance. On top of that, there are no environments like these available to extension maintainers to test/verify on.

That being said, typically users deal with SSO scenarios by using the confluence_server_cookies configuration key. This is for environments that use a browser to perform an authentication, which results in the generation of a cookie string value which in turn can be used in this extension's cookie injection option. A crude test would be to authenticate with a browser session, use the a browser development panel (e.g. F12) to retrieve a session token and trying it out with this extension. The process of acquiring a cookie value "properly" will vary per SSO solution. There was a discussion on an approach for an AWS SSO solution in https://github.com/sphinx-contrib/confluencebuilder/issues/728, but I cannot say it is a trivial process.

The only other immediate hints I can provide are if your environment provides client support for SSO authentication with a Python Requests module, you should be able to use the confluence_server_auth option to attach/use the implementation as the authentication module for this extension. Another approach may be to use confluence_publish_headers to directly inject specific headers desired for your SSO instance, but the option still needs to be populated by whatever conditions/values expected for the SSO solution.

Finally, the use of confluence_publish_debug could be helpful in debugging requests when using the value of headers. Some instances have a reverse proxy that can provide URL hints or error messages that may not be explicitly handled by this extension.

[jdknight]

@tapas-baranwal, it does not appear to me that you are using an API token for what looks to be a Confluence Cloud instance. The value for confluence_server_pass should be set to a value looking like the following (example token below):

YDYDD3qVvKV0FbkErSxaQ2olmyUO8PP-hsREnXaP9sobDyAn7JuE_LtgBlL3mYX5kWvqXKAr3uK1RrLMmM5XYiAfZBVSmSIKwCIY26JbwxTMV8Igydrk7VzdS9sAyqMhq_Ct5S0PfmAiS_thhJb6NQNEOu56YLeVBAA-CuxQeapiTz_AMGwaPe8=02381T9A

I would also advise you change your password. Note that it is not recommended to share the contents of the Authorization header, as it will reveal credential details.