Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-12176

Bitbucket DC SAML log in fails when hazelcast replicated sessions are enabled

    XMLWordPrintable

    Details

      Description

      Issue Summary

      When configuring Bitbucket Data Center to do replicated sessions, and there is no load balancer that supports sticky sessions, logging in through SAML fails.

      Steps to Reproduce

      1. Configure Bitbucket DC + SAML integration
      2. Enable hazelcast.http.sessions=replicated with a Load Balancer that does not support sticky sessions.

      Expected Results

      The log in through SAML works as the sessions are replicated and there is no need to have sticky sessions.

      Actual Results

      The below message is thrown in the atlassian-bitbucket.log file:

      2020-01-29 16:39:32,370 INFO  [http-nio-7990-exec-9] *10PL8OLx999x13x0 ipohdm 185.48.102.19 "POST /plugins/servlet/samlconsumer HTTP/1.1" c.a.h.s.OsgiSafeStreamSerializer ClassNotFoundException during deserialization of object from OSGI bundle system: com.atlassian.plugins.authentication.impl.web.saml.SessionData
      2020-01-29 16:39:32,370 INFO  [http-nio-7990-exec-9] *10PL8OLx999x13x0 ipohdm 185.48.102.19 "POST /plugins/servlet/samlconsumer HTTP/1.1" c.a.h.s.OsgiSafeStreamSerializer ClassNotFoundException during deserialization of object from OSGI bundle system: com.atlassian.plugins.authentication.impl.web.saml.SessionData
      2020-01-29 16:39:32,650 ERROR [http-nio-7990-exec-9] *10PL8OLx999x13x0 ipohdm 185.48.102.19 "POST /plugins/servlet/samlconsumer HTTP/1.1" c.onelogin.saml2.authn.SamlResponse The Response has an InResponseTo attribute: ONELOGIN_f7c7511b-4860-4828-81dc-244cecf240e2 while no InResponseTo was expected
      2020-01-29 16:39:32,650 ERROR [http-nio-7990-exec-9] *10PL8OLx999x13x0 ipohdm 185.48.102.19 "POST /plugins/servlet/samlconsumer HTTP/1.1" com.onelogin.saml2.Auth processResponse error. invalid_response
      2020-01-29 16:39:32,659 ERROR [http-nio-7990-exec-9] *10PL8OLx999x13x0 ipohdm 185.48.102.19 "POST /plugins/servlet/samlconsumer HTTP/1.1" c.a.p.a.i.w.f.ErrorHandlingFilter Received invalid SAML response: The Response has an InResponseTo attribute: ONELOGIN_f7c7511b-4860-4828-81dc-244cecf240e2 while no InResponseTo was expected
      com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: The Response has an InResponseTo attribute: ONELOGIN_f7c7511b-4860-4828-81dc-244cecf240e2 while no InResponseTo was expected
      	at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.lambda$extractSamlResponse$1(OneloginJavaSamlProvider.java:89)
      	at com.atlassian.plugin.util.ContextClassLoaderSwitchingUtil.runInContext(ContextClassLoaderSwitchingUtil.java:48)
      	at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.extractSamlResponse(OneloginJavaSamlProvider.java:80)
      	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:85)
      	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
      	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
      	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
      	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
      	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
      	at com.atlassian.analytics.client.filter.UniversalAnalyticsFilter.doFilter(UniversalAnalyticsFilter.java:75)
      	at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:33)
      	at com.atlassian.plugins.authentication.impl.web.filter.ErrorHandlingFilter.doFilter(ErrorHandlingFilter.java:81)
      	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
      	at com.atlassian.bitbucket.internal.ratelimit.servlet.filter.RateLimitFilter.doFilter(RateLimitFilter.java:75)
      	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.obtainContent(SiteMeshFilter.java:181)
      	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:85)
      	at com.atlassian.plugin.connect.plugin.auth.scope.ApiScopingFilter.doFilter(ApiScopingFilter.java:81)
      	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
      	at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:110)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:112)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75)
      	at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94)
      	at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67)
      	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
      	at com.atlassian.plugin.connect.plugin.auth.oauth2.DefaultSalAuthenticationFilter.doFilter(DefaultSalAuthenticationFilter.java:69)
      	at com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109)
      	at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:37)
      	at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:33)
      	at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:33)
      	at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90)
      	at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73)
      	at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:87)
      	at com.hazelcast.web.WebFilter.doFilter(WebFilter.java:371)
      	at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:36)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.lang.Thread.run(Thread.java:748)
      	... 235 frames trimmed
      2020-01-29 16:40:16,485 INFO  [http-nio-7990-exec-1] *10PL8OLx1000x37x2 185.48.102.19 c.a.h.s.OsgiSafeStreamSerializer ClassNotFoundException during deserialization of object from OSGI bundle system: com.atlassian.plugins.authentication.impl.web.saml.SessionData
      2020-01-29 16:40:16,487 INFO  [http-nio-7990-exec-3] *10PL8OLx1000x35x0 185.48.102.19 c.a.h.s.OsgiSafeStreamSerializer ClassNotFoundException during deserialization of object from OSGI bundle system: com.atlassian.plugins.authentication.impl.web.saml.SessionData
      2020-01-29 16:40:16,489 INFO  [http-nio-7990-exec-10] *10PL8OLx1000x36x1 185.48.102.19 c.a.h.s.OsgiSafeStreamSerializer ClassNotFoundException during deserialization of object from OSGI bundle system: com.atlassian.plugins.authentication.impl.web.saml.SessionData
      

      Workaround

      No workaround

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            malonso@atlassian.com Miguel Alonso
            Votes:
            1 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: