Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-69598

Unable to log in with SAML SSO when user has special character in name

    XMLWordPrintable

Details

    Description

      When trying to authenticate a user who has a special character in their first name (é specifically) via SAML SSO, we see the following screen

      The error in the logs is: 

      2019-07-04 16:04:08,679 http-nio-8080-exec-48 ERROR anonymous 964x1404949x1 vn7oz4 10.134.195.158,10.134.41.252 /plugins/servlet/samlconsumer [c.a.p.a.i.web.filter.ErrorHandlingFilter] Received invalid SAML response: Signature validation failed. SAML Response rejected
com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Signature validation failed. SAML Response rejected
	at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.lambda$extractSamlResponse$1(OneloginJavaSamlProvider.java:89)
	at com.atlassian.plugin.util.ContextClassLoaderSwitchingUtil.runInContext(ContextClassLoaderSwitchingUtil.java:48)
	at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.extractSamlResponse(OneloginJavaSamlProvider.java:80)
	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:87)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:45)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
	... 53 filtered
	at com.atlassian.plugins.authentication.impl.web.filter.ErrorHandlingFilter.doFilter(ErrorHandlingFilter.java:83)
	... 3 filtered
	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
	... 58 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
	... 1 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
	... 36 filtered
	at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
	... 10 filtered

      Workaround

      Add the following as JVM startup parameters:

      -Dfile.encoding=UTF-8 -Djavax.servlet.request.encoding=UTF8

      Attachments

        Issue Links

          is cloned from

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-54753 Unable to log in with SAML SSO when user has special character in name

          • Medium - Medium priority issues
          • Closed
          mentioned in

          Page Loading...

          Page Loading...

          Page Loading...

          Activity

            People

              346a06beb37e ajoshi7 (Inactive)
              vhu@atlassian.com Vivian Hu (Inactive)
              Votes:
              14 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

                Created:
                Updated: