Atlassian uses cookies to improve your browsing experience, perform analytics and research, and conduct advertising. Accept all cookies to indicate that you agree to our use of cookies on your device. Atlassian cookies and tracking notice, (opens new window)
Teams
, (opens new window)
Comala Document Management for Data Center
Results will update as you type.
  • Overview
  • Get started
  • User Guide
    • Comala Workflow
    • Apply workflows
    • Workflow state dialog box
    • Workflow status bar
    • Tasks dialog box
    • Read confirmation
    • Workflow builder
    • Workflow for translator for Cloud
    • Page tools menu
    • Content reviews
    • E-Signature
      • Authentication apps
      • Using an approval signing token to undertake a review
      • Set up a reviewer signing token
      • Reviewer authentication
  • Workflow Authoring Guide
  • How to's and tutorials
  • Reporting Guide
  • Administration Guides
  • Developer Guides
  • Integration Guides
  • Migrating to Confluence Cloud
  • Release notes
  • Support
    You‘re viewing this with anonymous access, so some content might be blocked.
    /
    Reviewer authentication
    Updated Sept 03

    Reviewer authentication

    1 Overview | 1.1 Security Warning | 2 Reviewer credentials | 3 Authentication level | 4 Authentication implementation | 4.1 Signing Token | 5 Logging invalid credentials | 6 Related pages

    Overview

    If you need extra confidence that the reviewer is the owner of the logged-in user account, use the credentials parameter on the approval macro.

    A reviewer needs to add valid credentials to enable the approval decision buttons for the approval in the workflow popup.

    The reviewer credentials required can be set to be either

    • Confluence password

    • Confluence username and password

    The workflow can also be configured to require an e-signature token generated by a third party authentication app.

    Security Warning

    Just like Confluence login, the username and password are sent as plain text. It is strongly recommended to run Confluence over SSL or HTTPS

    Reviewer credentials

    Adding the credentials parameter disables the approval decision buttons in the workflow popup until valid credentials are entered by the reviewer.

    Adding a credentials parameter with a value equal to 2 to the approval - credentials=2 - requires each user to enter their username and Confluence password in the workflow popup. prior to undertaking the review. Once the credentials are entered, these are validated and the approval is enabled.

    Credentials need to be added each time the user visits the page if the review before an approval decision can be undertaken.

    {workflow:name=Reviewer Authentication} {state:Review|approved=Review|rejected=Review} {approval:Review Content|credentials=2} {state} {workflow}

    Workflow builder can also be used to edit an approval and set the reviewer authentication required (if any) using the Credentials options.

    By default, no credentials are required to undertake an approval.

    Authentication level

    There are three levels of authentication to choose from:

    • 0 – must be logged in (member of confluence-users group) – default

    • 1 – additionally, must confirm Password

    • 2 – additionally, must confirm Username

    The requirements stack, so a value of 2 means: Logged in + Password + Username.

    The password and username, as applicable, must match that of the logged in user.

    Authentication implementation

    The user credentials are authenticated using the internal Confluence authentication API.  This means this feature will support users that are setup within Confluence or external directory users that perform authentication through Confluence.  Single Sign On (SSO) solutions that are not setup as authentication directories within Confluence are not supported.

    Signing Token

    Global administrators can choose the method used by approvals to authenticate reviewers during a content review. Reviewer authentication can be set as either:

    • the user Confluence username and password

    • the user Confluence username and time-based one-time (OTP) password

    The OTP is a time-based 6 digit signing token generated by a third-party app.

    OTP can be used where reviewer authentication is required but reviewers use a SSO solution to access the instance.

    The workflow popup credentials prompt for reviewer authentication will include the request for a signing token.


    Each individual user must set up an account with a third-party app for the instance.

    See: E-Signatures Configuration - GlobalPreview and Set up a reviewer signing tokenPreview.

    Logging invalid credentials

    Enable INFO level logging on the com.comalatech.confluence.workflow.DefaultApprovalManager class to log approvals, rejections and invalid credentials.

    An example of the log file output is shown below:

    [INFO] [talledLocalContainer] 2013-05-15 14:51:31,035 INFO [http-1990-6] [comalatech.confluence.workflow.DefaultApprovalManager] approvePage user: admin pageId: 983156 approval: Review approved: true error: Invalid credentials

    Related pages

    • ApprovalsPreview

    • Content reviewsPreview

    • Credentials promptPreview

    • E-Signatures Configuration - GlobalPreview

    Need support? Create a request with our support team.

    Copyright © 2005 - 2025 Appfire | All rights reserved.

    {"serverDuration": 15, "requestCorrelationId": "21405bb0cd2847fdb136c0376fbe0650"}