- Type: Bug
- Resolution: Fixed
- Priority: High
- Affects Version/s: 6.2.0
- Component/s: SSO
- Severity 3 - Minor
Issue Summary
After upgrading Data Center applications to versions that contain two-step verification (such as Confluence 9.1 and above, or Jira 10.2 and above), users are unable to log in through these applications using Crowd SSO.
This issue only affects applications where Crowd SSO has been configured through the legacy method (by editing the crowd.properties file and enabling Crowd SSO through the application's seraph configuration), such as described in:
It does not affect applications where Crowd SSO has been configured through SSO 2.0.
Steps to Reproduce
- Install any Crowd version and a Confluence version lower than 9.1
- Configure a Crowd user directory and add it to Confluence
- Enable SSO as per Integrating Crowd with Atlassian Confluence
- Confirm you're able to log in to Confluence through Crowd SSO
- Upgrade Confluence to 9.1 or above
- Try to log in to Confluence again
Expected Results
The SSO configuration should still work: the user should be able to log in to Confluence and Crowd.
Actual Results
The Confluence login page simply refreshes. Jira may display the system dashboard.
If you enter the wrong credentials in the application, it displays the "wrong credentials" message, indicating that authentication itself succeeds with the correct credentials but the user still cannot log in.
You might be able to log in to Confluence if you log in to Crowd first.
This issue affects all Data Center applications where TSV has been implemented, including Jira, Confluence, Bamboo and Bitbucket.
Workaround
This issue is caused by an incompatibility between the implementation of two-step verification and the authentication path used by the legacy SSO configuration.
To restore SSO functionality until this bug is fixed, users have two options:
- Configure SSO 2.0. This will allow you to use both SSO and TSV.
- Apply the parameter -Datlassian.authentication.legacy.mode=true to Confluence's system properties. This will disable TSV and restore the legacy SSO functionality. See Manage two-step verification for your Atlassian account.
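A pre-upgrade check an administrator can run against a node's seraph-config.xml and setenv.sh to tell whether this bug will bite after the upgrade, as an added example that is not part of the issue. The authenticator class names are assumed from the legacy Crowd SSO setup, and the sample config fragments are constructed:

```python
import re
from xml.etree import ElementTree as ET

# Constructed sample inputs (not from the issue): a legacy Crowd SSO seraph-config.xml
# and a setenv.sh fragment without the legacy-mode system property.
SERAPH_CONFIG_XML = """<security-config>
  <parameters/>
  <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
</security-config>"""
SETENV_SH = 'CATALINA_OPTS="-Xms1024m -Xmx2048m ${CATALINA_OPTS}"\n'

# System property named in the workaround; "true" disables TSV and restores legacy SSO.
LEGACY_MODE_PROP = "atlassian.authentication.legacy.mode"
# Seraph authenticator classes used by the legacy crowd.properties SSO setup
# (assumed from the Crowd integration docs, not stated in this issue).
CROWD_SSO_AUTHENTICATORS = ("ConfluenceCrowdSSOAuthenticator", "SSOSeraphAuthenticator")
# First versions that ship two-step verification, as stated in the issue summary.
TSV_SINCE = {"confluence": (9, 1), "jira": (10, 2)}


def parse_version(version: str) -> tuple:
    """Reduce '9.1.0' / '10.2' / '10' to a (major, minor) tuple for comparison."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:2]]
    while len(parts) < 2:
        parts.append(0)
    return tuple(parts)


def uses_legacy_crowd_sso(seraph_xml: str) -> bool:
    """True when seraph-config.xml points at a Crowd SSO authenticator class."""
    auth = ET.fromstring(seraph_xml).find("authenticator")
    cls = auth.get("class", "") if auth is not None else ""
    return cls.rsplit(".", 1)[-1] in CROWD_SSO_AUTHENTICATORS


def legacy_mode_enabled(setenv_text: str) -> bool:
    """True when -Datlassian.authentication.legacy.mode=true is present in the JVM options."""
    m = re.search(r"-D" + re.escape(LEGACY_MODE_PROP) + r"=(\w+)", setenv_text)
    return m is not None and m.group(1).lower() == "true"


def sso_login_will_break(app: str, target_version: str, seraph_xml: str, setenv_text: str) -> bool:
    """Per the issue: legacy Crowd SSO logins fail once the app ships TSV,
    unless the legacy-mode property is set (or SSO 2.0 is configured instead)."""
    since = TSV_SINCE.get(app.lower())
    if since is None or parse_version(target_version) < since:
        return False
    return uses_legacy_crowd_sso(seraph_xml) and not legacy_mode_enabled(setenv_text)
```

Run it with the target version of the upgrade, not the currently installed one, so the check flags the problem before the login page starts refreshing in a loop.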