- Type: Bug
- Resolution: Unresolved
- Priority: Low
- None
- Affects Version/s: 9.12.22, 10.3.6, 10.6.0
- Component/s: User Management - Others
- 9.12
- 2
- Severity 2 - Major
- 0
Issue Summary
When Jira is integrated with an Active Directory (AD) or Crowd user directory and with Single Sign-On (SSO) through another IdP, users may encounter login issues. Specifically, new users logging in through Jira SSO fail to log in if the AD server configured with Jira is down.
Steps to Reproduce
- Set up Jira with both an Active Directory (AD) or Crowd user directory and Single Sign-On (SSO) login through an IdP (Keycloak, Okta).
- Verify login functionality using both AD/Crowd login and SSO; both methods should operate as expected without any issues.
- Stop the AD/Crowd Server.
- Attempt to log in using SSO.
Expected Results
Jira SSO continues to function normally without any issues when the backend AD/Crowd server is down.
Actual Results
SSO login fails with the following error in atlassian-jira.log:
2025-05-08 16:31:01,235+0000 http-nio-8080-exec-106 url: /jira/plugins/servlet/samlconsumer ERROR anonymous 991x1522x1 bvmjys 10.140.13.46,172.50.0.5 /plugins/servlet/samlconsumer [c.a.p.a.i.web.filter.ErrorHandlingFilter] [UUID: 400f6dfd-e32a-4722-b5b0-167b0e9d9a4b] Error authenticating user
com.atlassian.plugins.authentication.impl.web.usercontext.AuthenticationFailedException: Error authenticating user
    at com.atlassian.plugins.authentication.impl.web.usercontext.impl.embeddedcrowd.EmbeddedCrowdPrincipalResolver.resolvePrincipal(EmbeddedCrowdPrincipalResolver.java:50)
    at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:109)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:555)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
    at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
    at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:49)
    at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: com.atlassian.crowd.exception.runtime.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: ldap.atl-cd.net:389; nested exception is javax.naming.CommunicationException: ldap.xxx.net:389 [Root exception is java.net.UnknownHostException: ldap.xxx.net]
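For triage, an SSO failure of this kind can be told apart from other SAML login failures by following the exception chain of each `samlconsumer` error entry. The script below is an added example, not Atlassian's code; its function names, the set of "directory unreachable" exception types and the sample log text (shortened from the entry above plus made-up lines) are assumptions.

```python
import re

# A Jira log entry starts with a timestamp such as "2025-05-08 16:31:01,235+0000".
ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{4} ", re.M)
# Fully qualified exception class names; captures the simple class name.
EXC_NAME = re.compile(r"\b(?:[a-z_][\w$]*\.)+([A-Z]\w*Exception)\b")
HOST = re.compile(r"UnknownHostException: ([\w.-]+)")
# Assumption: these types (from the trace in this report) mean the directory was unreachable.
UNREACHABLE = {"CommunicationException", "UnknownHostException"}

def split_entries(text):
    """Split raw log text into entries, keeping stack-trace lines with their entry."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def classify(entry):
    """Return None for unrelated entries, else a summary of the SSO failure."""
    if "/plugins/servlet/samlconsumer" not in entry or "AuthenticationFailedException" not in entry:
        return None
    chain = list(dict.fromkeys(EXC_NAME.findall(entry)))  # ordered, de-duplicated
    host = HOST.search(entry)
    return {
        "time": entry[:28],
        "cause": "directory_unreachable" if UNREACHABLE & set(chain) else "other",
        "root": chain[-1] if chain else None,
        "host": host.group(1) if host else None,
    }

def sso_failures(text):
    return [r for r in map(classify, split_entries(text)) if r]

# Constructed sample: entry 1 is shortened from the trace in this report,
# entries 2 and 3 are made up (com.example.* is a placeholder class).
PFX = "com.atlassian.plugins.authentication.impl.web.usercontext."
SAMPLE = (
    "2025-05-08 16:31:01,235+0000 http-nio-8080-exec-106 url: /jira/plugins/servlet/samlconsumer ERROR anonymous "
    "/plugins/servlet/samlconsumer Error authenticating user " + PFX + "AuthenticationFailedException: Error\n"
    "Caused by: com.atlassian.crowd.exception.runtime.OperationFailedException: "
    "org.springframework.ldap.CommunicationException: ldap.xxx.net:389 "
    "[Root exception is java.net.UnknownHostException: ldap.xxx.net]\n"
    "2025-05-08 16:32:10,001+0000 http-nio-8080-exec-7 INFO admin /secure/Dashboard.jspa constructed unrelated line\n"
    "2025-05-08 16:33:40,500+0000 http-nio-8080-exec-9 url: /jira/plugins/servlet/samlconsumer ERROR anonymous "
    "/plugins/servlet/samlconsumer " + PFX + "AuthenticationFailedException: Error\n"
    "Caused by: com.example.PlaceholderException: constructed non-directory cause\n"
)

if __name__ == "__main__":
    for hit in sso_failures(SAMPLE):
        print(hit)
```

A burst of `directory_unreachable` results points at the directory dependency described in this issue, not at the IdP or the SAML configuration.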
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.
- is caused by: SAMLDC-37 If the authenticating user comes from a remote directory, and the directory is inaccessible the user will see a 'We can't log you in right now error'
- Needs Triage