Since last Friday, only two people have been unable to access Jira (see the screen attachment named "Jirauser").
We log in through SAML, and in AD the user login is successful, except in Jira, but he is able to access other applications.
Please let us know if you need any more information.
It is the Microsoft add-on which throws an error message at the parsing and validation of the SAML response here. I believe this happens before user record data is retrieved from Jira and that the problem is independent of both how the user records are stored and how special characters are handled in Jira.
-Jon Espen
Kantega SSO
Hi,
We found special characters in the Display name.
Due to that, it is failing.
Can you please tell us how to solve special characters in Jira?
Thank you,
Sairaj
A useful tool for troubleshooting such problems is a browser add-on that can show the SAML messages. One such tool is the SAML Message Decoder for Chrome: https://chrome.google.com/webstore/detail/saml-message-decoder/mpabchoaimgbdbbjjieoaeiibojelbhm
You could try to install this and see whether there is something suspicious in the SAML request / response pair when the login fails.
-Jon Espen
Kantega SSO
We are using SAML single sign-on by Microsoft for all users, but only two users have not been able to log in for 10 days; previously they were able to log in and it was working fine for them.
It appears that the users are sent to OneLogin for authentication, and when they are redirected back to Jira your SSO product refuses to accept the SAML response message from OneLogin. The reason in your case is that the signature is not valid.
Invalid signature can mean you don't have the public key certificate of the IdP so you can't validate its signature. Did you exchange metadata xml files as part of the OneLogin integration?
It is a bit strange if this only happens for two of your users. Is the error consistent, and does it always happen when these two users log in?
It looks like you use the native SAML features from Atlassian. I work for Kantega SSO, which provides alternative SSO solutions with more configuration options and user provisioning support. Please reach out if you continue to struggle getting the OneLogin integration right and are interested in evaluating alternative SSO solutions.
-Jon Espen
Kantega SSO
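The checks suggested in the replies (look inside the SAML response, and confirm the service provider holds the IdP's signing certificate) can be scripted once the base64 `SAMLResponse` value has been captured from a failing login. The following is an added example, not part of the original thread and not Atlassian or Kantega code; `triage` and `fingerprint` are hypothetical helper names, the sample response and certificate bytes are constructed, and the script only compares certificates and flags non-ASCII attribute values without verifying the signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_b64):
    """SHA-256 over the DER bytes of a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def triage(saml_response_b64, trusted_cert_b64):
    """Report where the response is signed, whether the embedded certificate is
    the one the SP trusts, and which attributes carry non-ASCII values."""
    xml = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD present; refusing to parse")
    root = ET.fromstring(xml)
    places = {"Response": "ds:Signature", "Assertion": "saml:Assertion/ds:Signature"}
    signed, embedded = [], set()
    for label, path in places.items():
        sig = root.find(path, NS)
        if sig is None:
            continue
        signed.append(label)
        embedded.update(fingerprint(c.text) for c in sig.iterfind(".//ds:X509Certificate", NS))
    non_ascii = [a.get("Name") for a in root.iter("{%s}Attribute" % NS["saml"])
                 if any(v.text and not v.text.isascii()
                        for v in a.findall("saml:AttributeValue", NS))]
    matches = embedded == {fingerprint(trusted_cert_b64)} if embedded else None
    return {"signed": signed, "cert_matches": matches, "non_ascii": non_ascii}

# Constructed sample: placeholder certificate bytes and a made-up user.
CERT = base64.b64encode(b"constructed-idp-certificate").decode()
SAMPLE = base64.b64encode(f"""<samlp:Response
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
 <saml:Assertion>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:AttributeStatement>
   <saml:Attribute Name="displayname"><saml:AttributeValue>J\u00f6rg M\u00fcller</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="mail"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>""".encode("utf-8")).decode()
if __name__ == "__main__":
    print(triage(SAMPLE, CERT))
```

Running it on a response from a working user and one from a failing user makes the differences between the two easy to compare: signature placement, embedded certificate, and attribute values.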
2019-06-27 17:00:39,496 http-nio-8080-exec-47 ERROR anonymous 1020x3171806x1 suuf8t IP,IP /plugins/servlet/samlconsumer [c.a.p.a.i.web.filter.ErrorHandlingFilter] Received invalid SAML response: Signature validation failed. SAML Response rejected
com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: Signature validation failed. SAML Response rejected
at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.lambda$extractSamlResponse$1(OneloginJavaSamlProvider.java:89)
at com.atlassian.plugin.util.ContextClassLoaderSwitchingUtil.runInContext(ContextClassLoaderSwitchingUtil.java:48)
at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.extractSamlResponse(OneloginJavaSamlProvider.java:80)
at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:87)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:45)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
... 53 filtered
at com.atlassian.plugins.authentication.impl.web.filter.ErrorHandlingFilter.doFilter(ErrorHandlingFilter.java:83)
... 3 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 58 filtered
at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 36 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
Do you use a third-party SSO add-on to set up SAML in your Jira?
Also, do you see any error messages in your Jira application log related to this? If you do not have access to the Jira server you can use the LastLog add-on to expose the logs in the Jira user interface.
Regards,
Jon Espen
Kantega SSO
We can't log you in right now
This may be for a variety of reasons, we suggest trying again.
If that doesn't work, contact your JIRA administrator for help.
Try again
Do you have an error message or screenshot describing their error experience?
Regards,
Jon Espen