Recently, after our Crowd upgrade, there are several users who cannot log in to Confluence Data Center, with the following error:
2020-09-08 14:18:03,019 ERROR [http-nio-8090-exec-11] [impl.web.filter.ErrorHandlingFilter] doFilter Received SAML assertion for user (username), but the user doesn't exist in the product
com.atlassian.plugins.authentication.impl.web.usercontext.AuthenticationFailedException: Received SAML assertion for user (username), but the user doesn't exist in the product
The user exists in Confluence, and can be found via the API. The user exists in Crowd and can be found in the delegated authentication directory. The user also exists in the IdP.
Any ideas how to resolve this?
Hi Tom,
It seems like the plugin you are using on Confluence does not have Just-In-Time provisioning, remote directory sync, or an option to change the user identifier in the SSO configuration. Crowd sends the SSO user's username in the NameID SAML attribute, which Confluence uses to identify SSO users, but it seems it is unable to find any user in Confluence with the received NameID value. You can try out this plugin: Confluence SAML SSO. This add-on allows you to test configurations and see all the attributes received in the SAML response. Also, you can use different SAML attributes to identify the SSO user if required.
Feel free to ask me any more questions that you have.
I work for miniOrange, a top SSO vendor in the Atlassian Marketplace. Reach out to us via atlassiansupport@xecurify.com
Thanks,
Arnav