Details
- Bug
- Resolution: Fixed
- High
- None
- 10
- Severity 1 - Critical
- 3
Description
Summary
When a session timeout and SSO via SAML have both been configured, sessions do not time out gracefully. End-users are presented with a 403 response when trying to access Atlassian Cloud content. The expectation is that end-users would be presented with a login page that allows them to log back in and continue working.
Environment
- SSO via SAML configured
- Session timeout configured
Steps to Reproduce
- Log in to Atlassian services using SSO via SAML
- Wait for the session to time out
Expected Results
- The session times out gracefully and users are redirected to the Atlassian account login page (or the IdP login page)
Actual Results
- After the session times out, the users are not redirected to the login page when accessing Cloud URLs
- Sometimes, end-users are getting an 'HTTP Status 403 - Forbidden' error
Notes
- At this point, it's unconfirmed whether or not end-users should be redirected to the requested page, but it should be possible
- Testing has shown that if SSO via SAML is not configured, users are redirected to the Atlassian account login page as expected
Workaround
Option 1: Clear browser site data for Atlassian services, e.g. for Chrome: open chrome://settings/siteData, then filter and clear the site data for Atlassian sites
Option 2: Log in via https://start.atlassian.com/ and then access the Confluence site.
Issue Links
- is duplicated by: CLOUD-10762 Redirect page to Altassian login or Confluence/Jira Home when hit to error (Closed)
- caused by: HOT-89797