  1. Jira Data Center
  2. JRASERVER-77540

Jira redirects the users back to the login page when SSO is used with Crowd


Details

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • Fix Version/s: None
    • Affects Version/s: 8.22.6, 9.12.4, 9.14.1
    • Component/s: Login

    Description

      Issue Summary

      Jira redirects the users back to the login page when SSO is used with Crowd (when SSOSeraphAuthenticator is enabled in the seraph-config.xml). It works fine when Crowd is not used (when JiraSeraphAuthenticator is enabled).

      This is reproducible on Data Center: Yes

      Steps to Reproduce

      1. Create a Jira 9.12.4 and Crowd 5.2.3 environment
      2. Configure Crowd by adding the Jira application
      3. Add Crowd directory in Jira
      4. Configure SSO in Jira by using Jira's SSO application
      5. Add crowd.properties file under Jira_Install/application-data/WEB-INF/classes
      6. Edit seraph-config.properties, enable SSOSeraphAuthenticator and disable JiraSeraphAuthenticator
        <!-- CROWD:START - If enabling Crowd SSO integration uncomment the following SSOSeraphAuthenticator and comment out the JiraSeraphAuthenticator below -->
        <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
        <!-- CROWD:END -->

        <!-- CROWD:START - The authenticator below here will need to be commented out for Crowd SSO integration -->
        <!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> -->
        <!-- CROWD:END -->

      7. Restart Jira to activate the changes
      8. Log in to Jira using SSO

      Expected Results

      Jira should allow users to log in

      Actual Results

      The login screen appears and the user clicks on the SSO login:

      SSO login screen appears successfully:

      After the user provides the credentials and clicks on login, they are redirected to the Jira login page again:

      The below exception is thrown in the Crowd application log file:

      2024-03-13 11:10:51,412 http-nio-8095-exec-16 url: /crowd/rest/usermanagement/1/session ERROR [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] Rejecting authentication without validating password of user 'XXXX' for app 'jira' because authentication without validating password is disabled for this app
      

      Workaround

      Enable the "Allow to generate user tokens" option in Crowd.
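
A triage check for the condition this report describes, added here as an example (not Atlassian's code and not part of the original report): it reads which Seraph authenticator is active and looks for the Crowd rejection message quoted above. The `<security-config>` wrapper, the function names and the second log line are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Authenticator class names as they appear in the report's seraph-config snippet.
SSO = "com.atlassian.jira.security.login.SSOSeraphAuthenticator"
PLAIN = "com.atlassian.jira.security.login.JiraSeraphAuthenticator"

# Matches the Crowd rejection message quoted in the report.
REJECT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) .*"
    r"Rejecting authentication without validating password of user "
    r"'(?P<user>[^']*)' for app '(?P<app>[^']*)'"
)

def active_authenticators(seraph_xml):
    """Return classes of <authenticator> elements that are not commented out."""
    root = ET.fromstring(seraph_xml)  # the default parser drops XML comments
    return [el.get("class") for el in root.iter("authenticator")]

def token_rejections(log_lines):
    """Return (timestamp, user, app) for each rejection line in a Crowd log."""
    hits = []
    for line in log_lines:
        m = REJECT.search(line)
        if m:
            hits.append((m["ts"], m["user"], m["app"]))
    return hits

def matches_report(seraph_xml, log_lines, app_name):
    """True when only the SSO authenticator is active and Crowd rejected app_name."""
    if active_authenticators(seraph_xml) != [SSO]:
        return False
    return any(app == app_name for _, _, app in token_rejections(log_lines))

# Constructed sample: a minimal wrapper element around the report's snippet.
SAMPLE_XML = """<security-config>
  <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
  <!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> -->
</security-config>"""

# First entry is the log line quoted in the report; the second is constructed.
SAMPLE_LOG = [
    "2024-03-13 11:10:51,412 http-nio-8095-exec-16 url: /crowd/rest/usermanagement/1/session ERROR [crowd.manager.token.RecoveryModeAwareTokenAuthenticationManager] Rejecting authentication without validating password of user 'XXXX' for app 'jira' because authentication without validating password is disabled for this app",
    "2024-03-13 11:10:52,001 http-nio-8095-exec-17 INFO [constructed.Example] unrelated line",
]

if __name__ == "__main__":
    print(matches_report(SAMPLE_XML, SAMPLE_LOG, "jira"))
```

A result listing both authenticator classes, or neither, points to a different misconfiguration than the one reported here.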

            People

              Unassigned
              ayanar Alp