Crowd SSO Error with Google Apps

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Symptoms

The following error appears when you try to access Google Apps with Crowd SSO:

1 SAML Error: SAMLRequest is not Base64 encoded: fVJNT%2BMwEL2vtP8h8r1Jw5eQ1QR1QYhKwEY07GFvgz1JTR1P8Dgt%2FHvcFAQcQPLp%2Bfl9jGd29tzZZIOeDblC5OlUJOgUaePaQtzXl5NTcVb%2B%2FjVj6Gwv50NYuTt8GpBDEl86luNFIQbvJAEblg46ZBmUXM5vruVBOpW9p0CKrEgWF4XQqPVj5%2FoWqG3gwTjlyDQKcG1Bm6bXa2dovUKR%2FHuPdbCLtWAecOE4gAsRmuZHk%2BlpPHV%2BIvN

Cause

The incoming string has been URL escaped, possibly due to proxy.

Workaround

The following workaround can be applied if you are using an Apache proxy server:

  • Add the nocanon option to ProxyPass in the proxy configuration. This will pass the URL path "raw" to the backend, which will prevent the escaping. For example:

    1 ProxyPass /foo http://foo.example.com/bar nocanon

  • Add the[NE,R] flag to the RewriteRule. This will prevent the special characters, such as & and ?, from being converted to their equivalent hexcode.

    1 RewriteRule <PATTERN> [NE,R]
Updated on April 8, 2025
Platform
Data Center only
Product
Crowd Data Center
On this pageSymptomsCauseWorkaround

Still need help?

The Atlassian Community is here for you.
Ask the Community