Users unable to log in using SSO
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Users are unable to log in using SSO. This could be happening after an upgrade of Jira
Diagnosis
Users are unable to log in using SSO
The below error is seen in the logs during login attempt
1 2 3 4 5 6 7 82022-05-12 15:59:12,612+0200 http-nio-8080-exec-22 WARN anonymous 123x4567x8 1a23b4c 10.11.12.13,127.0.0.1 /plugins/servlet/samlconsumer [c.a.p.a.i.web.saml.SamlConsumerServlet] Received an invalid SamlResponse: com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Signature validation failed. SAML Response rejected 2022-05-12 15:59:12,612+0200 http-nio-8080-exec-22 ERROR anonymous 123x4567x8 1a23b4c 10.11.12.13,127.0.0.1 /plugins/servlet/samlconsumer [c.a.p.a.i.web.filter.ErrorHandlingFilter] Received invalid SAML response: Signature validation failed. SAML Response rejected com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Signature validation failed. SAML Response rejected at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.lambda$extractSamlResponse$1(OneloginJavaSamlProvider.java:91) at com.atlassian.plugin.util.ContextClassLoaderSwitchingUtil.runInContext(ContextClassLoaderSwitchingUtil.java:48) at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.extractSamlResponse(OneloginJavaSamlProvider.java:82) at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:94) ...This could be happening immediately after the upgrade. Before the upgrade (or upon rollback), users are able to log in without issues
Verified that the certificate is correct
Re-creating the SSO configuration also does not help
Cause
Caused by character encoding issue.
Solution
Stop Jira
Add the 2 properties below as per Setting properties and options on startup
1 2-Dfile.encoding=UTF-8 -Djavax.servlet.request.encoding=UTF8Restart Jira
Was this helpful?