Cannot log into Confluence or Crowd Console after restoring admin user rights
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
- Cannot log into Confluence or Crowd Console
- Restoring Passwords To Recover Admin User Rights via Database does not grant access
The following may show in the atlassian-confluence.log:
com.atlassian.crowd.exception.PasswordEncoderNotFoundException: The PasswordEncoder 'null' was not found in the Internal Encoders list by the PasswordEncoderFactory
at com.atlassian.crowd.password.factory.PasswordEncoderFactoryImpl.getInternalEncoder(PasswordEncoderFactoryImpl.java:37)
Stack Trace:[hide]
com.atlassian.crowd.exception.PasswordEncoderNotFoundException: The PasswordEncoder 'null' was not found in the Internal Encoders list by the PasswordEncoderFactory
at com.atlassian.crowd.password.factory.PasswordEncoderFactoryImpl.getInternalEncoder(PasswordEncoderFactoryImpl.java:37)
at com.atlassian.crowd.directory.AbstractInternalDirectory.authenticate(AbstractInternalDirectory.java:339)
at com.atlassian.crowd.directory.AbstractInternalDirectory.processAuthentication(AbstractInternalDirectory.java:179)
at com.atlassian.crowd.directory.AbstractInternalDirectory.authenticate(AbstractInternalDirectory.java:147)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:276)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:102)
Diagnosis
Running query against cwd_directory_attribute shows missing entry for attribute_name user_encryption_method.
Cause
At this time the root cause is not verified. Please comment below if you've found a potential cause. It's possible that the incorrect license type may have been entered into license field.
Workaround
As a workaround:
- Shut down Confluence.
Find the directory id of the Confluence Internal Directory
select id from cwd_directory where directory_name ='Confluence Internal Directory';Run this query against your database to determine if the encryption method is already set:
select attribute_value from cwd_directory_attribute where attribute_name like '%encryption_method%';If the query in Step 3 returns no rows found, run the below query against your database, replacing <your_directory_id> with the id from the previous query.
insert into cwd_directory_attribute (directory_id, attribute_value, attribute_name) values (<your_directory_id>,'atlassian-security','user_encryption_method');If query in Step 3 returns a value other than atlassian-security, run this command against the database:
update cwd_directory_attribute set attribute_value = 'atlassian-security' where attribute_name = 'user_encryption_method';- Restart Confluence.
- Recreate LDAP directories if required, and access should be restored to users.
Resolution
See workaround.