Confluence Custom Authenticator Plugin

I’m in the process of trying to write a custom authenticator class for Confluence. The premise behind how it works will be that it will pull a “remote_user” header from Apache that is set by our SSO system. From what I can gather, most of my code matches a similar style plugin here. Here is my class:

package net.organization.atlassian.confluence;

import com.atlassian.confluence.user.ConfluenceAuthenticator;


import com.atlassian.seraph.auth.DefaultAuthenticator;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Category;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class RemoteUserAuthenticator extends ConfluenceAuthenticator {
    private static final long serialVersionUID = 1L;
    private static final Log log = LogFactory.getLog(RemoteUserAuthenticator.class);

    public Principal getUser(HttpServletRequest request, HttpServletResponse response) {

        //If the session exists, we try to get the session username.
        if (request.getSession() != null) {
            Principal sessionUser = getUserFromSession(request);
            if (sessionUser != null) {
                return sessionUser;

        //If that doesn't work, we can get it from the REMOTE_USER header that is set by Apache
        String remoteUser = request.getHeader("remote_user");
        log.debug("request.getHeader(\"remote_user\") = " + remoteUser);

        //If the user doesn't exist, set to null and Confluence will redirect to the login page
        if (remoteUser == null) {
            return null;

        //Try to get the user from the Confluence database
        Principal user = getUser(remoteUser);

        if (user == null) {
            log.error("Authenticated user '" + remoteUser + "' cannot be found");
            return null;

        //We are logged in now
        request.getSession().setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
        request.getSession().setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);

        log.debug("Logged in with User " + remoteUser);

        return user;

I’ve compiled it into a .jar with Maven, and placed it into the confluence/WEB-INF/lib folder. Now, in confluence/WEB-INF/classes/seraph-config.xml, I set the authenticator class to:

<authenticator class="net.organization.atlassian.confluence.RemoteUserAuthenticator"/>

The issue is that after setting this and restarting my docker container, Confluence completely crashes and the docker container cannot stay running. I’ve been trying to follow some of the steps listed here, but I’m not sure where I’ve gone wrong. This is my first time trying to write a plugin, so please excuse my unfamiliarity with Confluence development. If any other information is needed, please let me know, I just did not want to pollute this post with extraneous info.

I’m hoping somebody could point out where I might’ve gone wrong (the class itself, configuration, etc) to send me in the right direction.

Hi @SpadesForDays. Can you send a log/trace around the error?

I just tried to recreate this error, but fortunately my Docker container did not crash this time. Catalina server logs show no error, but the plugin still doesn’t seem to work. It just takes me to the normal login page? Is there a good way to tell what might be wrong with my class?

Hi @SpadesForDays ,

Were you able to find the error? If not, I suppose you can attempt again the same steps by enabling the confluence diagnostics (under Logging and Profiling) and then rerunning those steps. The messages should be found in confluence logs. In case you want to share them, please do that here I would like to help. I had recently implemented Custom Authenticator for confluence.