Versions Compared

Old Version 4

changes.mady.by.user Robert Alexander Marshall

Saved on

compared with

New Version 5

changes.mady.by.user Robert Alexander Marshall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

Excerpt
This example shows how to authenticate reviewers during a content review.

If you need extra confidence that the reviewer is the owner of the logged-in user account, use the credentials parameter on the {approval} macro.

Warning
titleSecurity Warning

Just like Confluence login, the username and password are sent as plain text. It is strongly recommended to run Confluence over SSL or HTTPS


Example

Code Block
languagetext
themeRDark
{workflow:name=Reviewer Authentication}
   {state:Review|approved=Review|rejected=Review}
      {approval:Review Content|credentials=2}
   {state}
{workflow}


Authentication level

There are three levels of authentication to choose from:

  • 0 – must be logged in (member of confluence-users group) – default
  • 1 – additionally, must confirm Password
  • 2 – additionally, must confirm Username

The requirements stack, so a value of 2 would mean: Logged in + Password + Username.

The password and username, as applicable, must match that of the logged in user.

Authentication Implementation

The user credentials are authenticated using the internal Confluence authentication API.  This means this feature will support users that are setup within Confluence or external directory users that perform authentication through Confluence.  Single Sign On (SSO) solutions that are not setup as authentication directories within Confluence are not supported.

Signing Token

Global administrators can choose the method used by approvals to authenticate reviewers during a content review. Reviewer authentication can be set as either:

  • the user Confluence username and password
  • the user Confluence username and time-based one-time (OTP) password. The OTP is a time-based 6 digit signing token generated by a third-party app.

OTP can be used where reviewer authentication is required but reviewers use a SSO solution to access the instance.

The workflow popup credentials prompt for reviewer authentication will include the request for a signing token.


Each individual user must set up an account with a third-party app for the instance.

See: E-Signature Configuration - Global, Setting up a reviewer signing token

Logging Invalid Credentials

Enable INFO level logging on the com.comalatech.confluence.workflow.DefaultApprovalManager class to log approvals, rejections and invalid credentials.

An example of the log file output is shown below:

Code Block
themeRDark
[INFO] [talledLocalContainer] 2013-05-15 14:51:31,035 INFO [http-1990-6] [comalatech.confluence.workflow.DefaultApprovalManager] approvePage user: admin pageId: 983156 approval: Review approved: true error: Invalid credentials

See also

Workflow Authoring Guide:

User Guide:

Confluence Admin