Issue Summary
Upgrading SSO for Atlassian Server and Data Center to version 4.2.5 will not provide users with the option to Log in with IDP when there is a Johnson warning.
Steps to Reproduce
- Upgrade the SSO for Atlassian Server and Data Center to version 4.2.5 at the instance which has recommendation issues (Johnson warning)
- Access Jira and click on the "Log In" button on the top right
Another example for Jira 8.13:
- Install a fresh Jira SW DC 8.13.10 instance.
- Once the install is complete, configure JVM heap as below in setenv.sh file - this is to create a Johnson warning.
JVM_MINIMUM_MEMORY="312m" JVM_MAXIMUM_MEMORY="2048m"
- Restart Jira.
- With the Atlassian Authentication App version 4.1.1 (bundled with Jira 8.13.10), configure SAML SSO with any IdP as the primary authentication method.
- Try to authenticate on Jira and notice that clicking on the Login button redirects you to the IdP for authentication.
- Upgrade the Atlassian Authentication App to version 4.1.10.
- Trying the SSO authentication (after the upgrade) through the Login button no longer redirects the user to the IdP and shows only the authentication form.
Expected Results
There will be an option to log in with IDP or internal directory
Actual Results
No longer possible to log in via IDP. Only Product login form option provided.
Workaround
Workaround 1
Dismiss warnings:
Go to <Jira Base URL>/secure/errors.jsp and dismiss any error/warning on that page – see an example below.
This might be needed at any time a node restarted or started for the first time.
If the above doesn't help, then downgrade the Atlassian SSO App to one of the following versions: 3.2.6, 4.0.10, 4.1.7, 4.2.4 .
Workaround 2
Downgrade the SSO for Atlassian Data Center plugin to version 3.2.6, 4.0.10, 4.1.7, 4.2.4
- Go to the manage apps page
- Select all apps and search for "SSO for Atlassian Data Center"
- Uninstall this app.
- Download SSO for Atlassian Server and Data Center version 4.2.4
- Upload this app from the Manage apps page ( the Upload app button )
Although it shows incompatible, it will work -
- With both authentications enabled - 2021-09-13_22-50-51.mp4
- With Product login form is disabled - 2021-09-13_22-52-12.mp4
Notes
If the Product login form is disabled, the login gadget will not be displayed on the dashboard. However, when clicking on "Log in" it will be visible there but the IDP login option will still not be visible.
2021-09-13_22-47-40.mp4
- is cloned from
-
JRASERVER-72793 Upgrading SSO for Atlassian Data Center plugin breaks SAML log in page
-
- Closed
-
- is related to
-
-
- Closed
-
-
JRASERVER-71982 Upgrade PostgresSQL JDBC driver to 42.2.16+ version
- Closed
- relates to
-
-
- Gathering Impact
-
- is cloned by
-
KRAK-4437 Loading...