Versions Compared

Version Old Version 2 New Version Current
Changes made by

Christian Eitel

Jaime Capitel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Warning

!!! We have migrated this cloud instance to our own hosted server instance !!!


Please follow this link to find the content you are looking for: 

https://wiki.resolution.de/doc/saml-sso/latest/jira/knowledgebase-articles/technical/signature-certificate-errors

Thank you for your understanding.

Problem

I am using JIRA or Confluence. In the SAML Single Sign process i will be redirected to the Identity Provider and successful authenticated. If I am returned from the Identitiy provider to JIRA/Confluence I get the error message:

. I tried to access my JIRA main URL https://<jira-URL>, /login.jsp, /default.jsp, /secure/Dashboard.jspa and /secure/MyJiraHome.jspa but im always end up on the normal login page.

Solution

The "Enable SSO Redirect" is working with the "Force SSO URLs" field. That means that the plugin is only redirecting requests to URLs matching the regular expressions from the Force SSO URLs. To ensure that your main and all normal login URLs will be redirected, please check if the "Force SSO URLs" has included the default values: 

/default.jsp
/secure/Dashboard.jspa
/secure/MyJiraHome.jspa

You also can delete the whole "Force SSO URLs" field and save the plugin configuration to restore the default values. 

 Processing saml failed: com.resolution.samlprocessor.SAMLProcessorException: Assertion signature validation failed

Processing saml failed: com.resolution.samlprocessor.SAMLProcessorException: Neither Response or Assertion contains a valid signature

Solution

  1. The most occurring reason for this error is because the wrong token signing certificate is used. Please check if the right certificate from your Identity Provider is included in the "IdP Token Signing Certificate" field from your plugin configuration.

  2. It could be that your JIRA/Confluence system is using a wrong encoding e.g. "ANSI_X3.4-1968". You can check your System Encoding in the following way:
    • For JIRA: Choose the cog icon Image Added → System → System info → System Encoding
    • For Confluence : Choose the cog icon Image Added → General configuration → Encoding

With the wrong system encoding the certificate cant be decoded properly. As solution you can change your encoding back to the standard value "UTF-8" with follwing steps:

 For JIRA: 

    • On the <jira/-install>/bin (or <tomcat-home>/bin for JIRA WAR installations) directory, open the setenv.sh(Linux)/setenv.bat(Windows) file.
    • Add the line: JVM_SUPPORT_RECOMMENDED_ARGS="-Dfile.encoding=utf-8" and save it.
    • Restart JIRA.

For Confluence: 

    • Choose the cog icon Image Added, then choose General Configuration under Confluence Administration

    • Choose General Configuration in the left-hand panel.

    • Choose Edit.

    • Enter the "UTF-8" in the text box next to Encoding

    • Choose Save.

Filter by label (Content by label)
showLabelsfalse
max5
spacesSAMLKB
showSpacefalse
sortmodified
reversetrue
typepage
cqllabel in ( "support" , "jira" , "servicedesk" ) and type = "page" and space = "SAMLKB"
labelsjira servicedesk support

Page Properties
hiddentrue


 
Related issues