SSO Troubleshooting With Instances Running Proxy

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

This documentation covers the troubleshooting of the following scenarios when SSO Crowd does not work after implementing proxy in your system:

  1. SSO works before applying proxy. After applying proxy, SSO does not work however all application still work and users are able to log in to all applications.

  2. After applying proxy, SSO does not work and users are not able to log in to an Atlassian Application (for example, to Confluence).

Scenario 1:

After applying proxy:

  • Able to log in to Crowd and its applications

  • SSO is not working

Possible cause and Diagnosis steps:

  • The fact that users are able to log in to an application is an evident that the seraph-config.xml and the crowd.properties configuration are good.

  • Issue would be the domain name settings from the UI level

Configuration needed to be checked:

  • Check the domain name from Crowd Admin > General > General Options

    (Auto-migrated image: description temporarily unavailable)

    • SSO Domain should not be left empty

    • SSO Domain should comply with the guide stated in the following documentation:

Scenario 2:

After applying SSO, users are not able to log in to a configured Atlassian application.

Possible cause and Diagnosis steps:

  • The fact that users are not able to log in to an application is an evident that seraph-config.xml and the crowd.properties configuration may not be correct.

Configuration needed to be checked:

  1. Ensure that each Atlassian application's WEB-INF/classes/seraph-config.xml file is using the Crowd's com.atlassian.crowd authenticator class.

  2. In the crowd.properties file, make sure that the application URL from each application (such as Confluence/JIRA) is set to Crowd's IP address instead of Crowd's base URL

(Auto-migrated image: description temporarily unavailable)

  1. Debugging SSO in environments with Proxy Servers

  2. Troubleshooting SSO with Crowd

Updated on April 15, 2025
Platform
Data Center only
Product
Crowd Data Center
On this pageProblemScenario 1:Scenario 2:Related documentation:

Still need help?

The Atlassian Community is here for you.
Ask the Community