-
Bug
-
Resolution: Fixed
-
High (View bug fix roadmap)
-
4.4.4
-
4.04
-
When user try to login via http://<path to JIRA>/login.jsp and user is actually do not exist in JIRA database, the following exception will be throw to user interface if user is not actually:
com.atlassian.jira.util.dbc.Assertions$NullArgumentException: user should not be null! at com.atlassian.jira.util.dbc.Assertions.notNull(Assertions.java:26) at com.atlassian.jira.security.login.LoginManagerImpl.authorise(LoginManagerImpl.java:135) at com.atlassian.jira.security.JiraRoleMapper.canLogin(JiraRoleMapper.java:46) at com.atlassian.seraph.auth.DefaultAuthenticator.isAuthorised(DefaultAuthenticator.java:229) at com.atlassian.seraph.auth.DefaultAuthenticator.authoriseUserAndEstablishSession(DefaultAuthenticator.java:197) at com.atlassian.seraph.auth.DefaultAuthenticator.login(DefaultAuthenticator.java:102) at com.atlassian.crowd.integration.seraph.v22.CrowdAuthenticator.login(CrowdAuthenticator.java:133) at com.atlassian.seraph.filter.PasswordBasedLoginFilter.runAuthentication(PasswordBasedLoginFilter.java:127) at com.atlassian.seraph.filter.PasswordBasedLoginFilter.login(PasswordBasedLoginFilter.java:72) at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:130) at com.atlassian.jira.web.filters.JiraLoginFilter.doFilter(JiraLoginFilter.java:70) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:71) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.util.profiling.filters.ProfilingFilter.doFilter(ProfilingFilter.java:99) at com.atlassian.jira.web.filters.JIRAProfilingFilter.doFilter(JIRAProfilingFilter.java:19) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:350) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.gzipfilter.GzipFilter.doFilterInternal(GzipFilter.java:81) at com.atlassian.gzipfilter.GzipFilter.doFilter(GzipFilter.java:51) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66) at com.sysbliss.jira.plugins.workflow.servlet.JWDSendRedirectFilter.doFilter(JWDSendRedirectFilter.java:25) at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74) at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:77) at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:63) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:74) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at com.atlassian.jira.web.filters.PathMatchingEncodingFilter.doFilter(PathMatchingEncodingFilter.java:49) at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.jira.web.monitor.ActiveRequestsFilter$PassToChainFilterFunc.doFilter(ActiveRequestsFilter.java:346) at com.atlassian.jira.web.monitor.ActiveRequestsFilter$DebugLogFilterFunc.doFilter(ActiveRequestsFilter.java:463) at com.atlassian.jira.web.monitor.ActiveRequestsFilter.doFilter(ActiveRequestsFilter.java:173) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.multitenant.servlet.MultiTenantServletFilter.doFilter(MultiTenantServletFilter.java:91) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:74) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:554) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:864) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1665) at java.lang.Thread.run(Unknown Source)
Connection topology:
JIRA(Embedded Crowd) using Atlassian Crowd directory --> Crowd(Using Delegated Authentication Directory) --> LDAP(AD)
Steps to replicate:
- Configure JIRA to Crowd without using SSO
- Create a new user in LDAP server
- Configure Crowd to use Delegated Authentication Directory to connect with LDAP
- Configure the Crowd directory Default Group Memberships to have jira-users
- Login in to JIRA with the user
- User probably able to login to JIRA
- Delete the user from JIRA
- Shut down JIRA
- Change the seraph-config.xml to use the following authenticator:
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/> - Start JIRA and try to login with the LDAP user again
This scenario only happen when using the SSO class in seraph-config.xml to enable SSO:
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
- is related to
-
-
- Closed
-
[JRASERVER-27464] Exception will be shown to user if user does not exist in JIRA database
Bhushan Nagaraj
added a comment - 5.0.6 and still waiting. This is getting pretty messy as we have more and more users signing up every day
Bhushan Nagaraj
added a comment - 5.0.6 and still waiting. This is getting pretty messy as we have more and more users signing up every day Bhushan Nagaraj
added a comment - We are facing this issue after upgrade to 5.0.2 from 4.2.4
Most users shifting to a new bug tracking system will not be very supportive and if they face this upon their first login, it becomes a huge task trying to win them back.
I hope this issue can be fixed asap. Atleast in version 5.0.4
Bhushan Nagaraj
added a comment - We are facing this issue after upgrade to 5.0.2 from 4.2.4
Most users shifting to a new bug tracking system will not be very supportive and if they face this upon their first login, it becomes a huge task trying to win them back.
I hope this issue can be fixed asap. Atleast in version 5.0.4 I did a try to reopen https://support.atlassian.com/browse/JSP-106179 to express my deagrement on this way to work. 42 days, too old for you... strange!
We pay more and more for the licences. I fully agree to do it only if the blocking problem are really taken in consideration!!!
I'm interested to have feature facebook like, gadgets and so one... BUT before those blink-blink features as well to have this issue solved!
Bruno Blaise
Any news? 
This BUG is terrible for the image and not only our image, as well your image!!!
When a new user comes with full motivation, how to explain to the user that we have a BUG and that he(she) is authenticated but not really and come back after the synchronization...
Fixe it or at least propose a planning.
Bruno
Bad news to see that the problem is still present with jira 5.0
Indeed this is exactly the same problem and we have the same behaviour with confluence 3.4.9
John Henning
added a comment - This sounds like the same issue that I am encountering right now. We are using JIRA version 5.0 with Crowd version 2.4. JIRA is configured to use the Atlassian Crowd directory type and Crowd is configured for Delegated LDAP Authentication with Active Directory as the authentication authority.
With SSO disabled, users that exist within the Active Directory search path are able to login successfully, having their accounts automatically created in both JIRA and Crowd. However, with SSO enabled, users that do not initially exist in either JIRA or Crowd will encounter the following message at the log in screen:
An internal server error occurred when requesting resource
And the exception noted on this issue will be generated in the log.
The user account is, in fact, created in Crowd but will not be created in JIRA until the next synchronization cycle has run. We are also using FishEye (v2.7) and Confluence (v4.2) with Crowd and SSO appears to work as expected with FishEye (new users accounts are created at login) but not with Confluence (which behaves similarly to JIRA, but simply returns an invalid account message instead of a server error).
John Henning
added a comment - This sounds like the same issue that I am encountering right now. We are using JIRA version 5.0 with Crowd version 2.4. JIRA is configured to use the Atlassian Crowd directory type and Crowd is configured for Delegated LDAP Authentication with Active Directory as the authentication authority.
With SSO disabled, users that exist within the Active Directory search path are able to login successfully, having their accounts automatically created in both JIRA and Crowd. However, with SSO enabled, users that do not initially exist in either JIRA or Crowd will encounter the following message at the log in screen:
An internal server error occurred when requesting resource
And the exception noted on this issue will be generated in the log.
The user account is, in fact, created in Crowd but will not be created in JIRA until the next synchronization cycle has run. We are also using FishEye (v2.7) and Confluence (v4.2) with Crowd and SSO appears to work as expected with FishEye (new users accounts are created at login) but not with Confluence (which behaves similarly to JIRA, but simply returns an invalid account message instead of a server error). To avoid any doubts, please also add the following in the test case:
point 7.5 Delete the user from Crowd as well as from JIRA (or better, use another LDAP user for the test with SSO enabled)
kshekhar do you think you'll have time to QA this?