Okta SSO can't login - Jira onprem

Tomer Grega
I'm New Here
July 29, 2020

Hi,

I've configured all steps from Okta's SAML on-prem guide, but I'm unable to log in using SSO.

I saw this in the atlassian-jira log:

init/jira.webresources:bigpipe-init.js [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:33:59,842 http-nio-8080-exec-11 INFO anonymous 933x21x2 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:01,406 http-nio-8080-exec-5 INFO anonymous 934x22x2 15rmi1a 10.20.0.232 /s/-bs8asi/805000/6411e0087192541a09d88223fb51a6a0/_/images/jira-software.png [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:01,550 http-nio-8080-exec-12 INFO anonymous 934x23x1 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:06,454 ForkJoinPool.commonPool-worker-2 INFO [c.a.jira.i18n.I18nWarmer] Initialised i18n cache in 11398
2020-07-29 15:34:06,454 Caesium-1-4 INFO [c.a.jira.startup.CacheWarmerLauncher] Warmed cache(s) in 11413 ms.
2020-07-29 15:34:10,426 http-nio-8080-exec-13 INFO anonymous 934x24x1 15rmi1a 10.20.0.232 /okta_login.jsp [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=MISSING_SAML_ASSERTION
2020-07-29 15:34:10,687 http-nio-8080-exec-14 INFO anonymous 934x25x1 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:10,867 http-nio-8080-exec-15 INFO anonymous 934x26x1 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:11,116 Caesium-1-2 INFO ServiceRunner [c.a.j.p.h.service.ping.RefreshConnectionStatusJobHandler] Running RefreshConnectionStatusJobHandler...
2020-07-29 15:34:14,853 Caesium-1-4 INFO [c.a.j.p.h.service.connect.InstallGlancesJobHandler] Running InstallGlancesJobHandler...
2020-07-29 15:34:14,854 Caesium-1-4 INFO [c.a.j.p.h.service.connect.InstallGlancesJobHandler] There is no link to Hipchat, no need to install glances.
2020-07-29 15:34:50,737 Caesium-1-4 INFO [c.a.jira.upgrade.UpgradeScheduler] Running scheduled upgrades
2020-07-29 15:34:50,739 Caesium-1-4 INFO [c.a.jira.upgrade.LoggingUpgradeService] run upgrades has started
2020-07-29 15:34:50,931 Caesium-1-4 INFO [c.a.j.upgrade.util.BuildNumberDao] Setting current build number to 805000
2020-07-29 15:34:50,934 Caesium-1-4 DEBUG [c.a.activeobjects.osgi.ActiveObjectsServiceFactory] getService bundle [com.atlassian.jira.plugins.webhooks.jira-webhooks-plugin]
2020-07-29 15:34:50,945 Caesium-1-4 INFO [c.a.jira.upgrade.UpgradeIndexManager] There is no reindex requests of type [IMMEDIATE, DELAYED] so none will be run
2020-07-29 15:34:50,945 Caesium-1-4 INFO [c.a.j.upgrade.util.BuildNumberDao] Setting current version to 8.5.0
2020-07-29 15:34:50,948 Caesium-1-4 INFO [c.a.j.upgrade.util.BuildNumberDao] Setting downgrade version to 7.1.2
2020-07-29 15:34:50,955 Caesium-1-4 INFO [c.a.jira.upgrade.LoggingUpgradeService] run upgrades has finished successfully, and took 216 milliseconds to process.
2020-07-29 15:34:50,955 Caesium-1-4 INFO [c.a.jira.upgrade.UpgradeScheduler] JIRA upgrades completed successfully
2020-07-29 15:34:50,960 Caesium-1-4 INFO [c.a.jira.upgrade.UpgradeScheduler] Plugins upgrades completed successfully
2020-07-29 15:34:50,960 Caesium-1-4 INFO [c.a.jira.upgrade.UpgradeIndexManager] Reindexing is not allowed after this upgrade and there is no immediate reindex requests
2020-07-29 15:34:51,376 http-nio-8080-exec-22 INFO anonymous 934x27x1 - 127.0.0.1 /rest/gadgets/1.0/g/feed [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:51,418 Caesium-1-2 DEBUG ServiceRunner [c.a.activeobjects.osgi.ActiveObjectsServiceFactory] getService bundle [com.atlassian.jira.plugins.inform.event-plugin]
2020-07-29 15:34:52,582 Caesium-1-3 DEBUG [c.a.activeobjects.osgi.ActiveObjectsServiceFactory] getService bundle [com.atlassian.troubleshooting.plugin-jira]
2020-07-29 15:35:32,663 http-nio-8080-exec-23 ERROR anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Error parsing SAML response: Configuration does not have a matching issuer
com.okta.saml.SAMLException: Configuration does not have a matching issuer
at com.okta.saml.SAMLResponse.validatedResponse(SAMLResponse.java:116)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:61)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:54)
at com.okta.saml.AbstractSAMLValidator.getSAMLResponse(AbstractSAMLValidator.java:77)
at com.okta.saml.util.OktaAuthPeer.getSAMLResponse(OktaAuthPeer.java:125)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.extractUserFromSAMLAssertion(OktaJiraAuthenticator30.java:296)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.handleLoginRequest(OktaJiraAuthenticator30.java:123)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.getUser(OktaJiraAuthenticator30.java:92)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 39 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 11 filtered
at com.atlassian.jira.authenticator.okta.OktaLoginFilter.doFilter(OktaLoginFilter.java:73)
... 16 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2020-07-29 15:35:32,669 http-nio-8080-exec-23 INFO anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=INVALID_SAML_ASSERTION
2020-07-29 15:35:32,673 http-nio-8080-exec-23 ERROR anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Error parsing SAML response: Configuration does not have a matching issuer
com.okta.saml.SAMLException: Configuration does not have a matching issuer
at com.okta.saml.SAMLResponse.validatedResponse(SAMLResponse.java:116)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:61)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:54)
at com.okta.saml.AbstractSAMLValidator.getSAMLResponse(AbstractSAMLValidator.java:77)
at com.okta.saml.util.OktaAuthPeer.getSAMLResponse(OktaAuthPeer.java:125)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.extractUserFromSAMLAssertion(OktaJiraAuthenticator30.java:296)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.handleLoginRequest(OktaJiraAuthenticator30.java:123)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.getUser(OktaJiraAuthenticator30.java:92)
at com.atlassian.seraph.auth.AbstractAuthenticator.getUser(AbstractAuthenticator.java:45)
at com.atlassian.jira.mobile.auth.ApplicationUserProvider.getRemoteUser(ApplicationUserProvider.java:38)
... 15 filtered
at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 39 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 11 filtered
at com.atlassian.jira.authenticator.okta.OktaLoginFilter.doFilter(OktaLoginFilter.java:73)
... 16 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2020-07-29 15:35:32,674 http-nio-8080-exec-23 INFO anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=INVALID_SAML_ASSERTION
2020-07-29 15:35:33,027 http-nio-8080-exec-3 INFO anonymous 935x29x1 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:35:33,234 http-nio-8080-exec-2 INFO anonymous 935x30x1 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:35:33,297 http-nio-8080-exec-4 INFO anonymous 935x31x1 15rmi1a 10.20.0.232 /plugins/servlet/gadgets/dashboard-diagnostics [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:35:33,738 http-nio-8080-exec-1 INFO anonymous 935x32x1 15rmi1a 10.20.0.232 /rest/analytics/1.0/publish/bulk [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:36:16,026 http-nio-8080-exec-25 ERROR anonymous 936x33x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Error parsing SAML response: Configuration does not have a matching issuer
com.okta.saml.SAMLException: Configuration does not have a matching issuer
at com.okta.saml.SAMLResponse.validatedResponse(SAMLResponse.java:116)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:61)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:54)
at com.okta.saml.AbstractSAMLValidator.getSAMLResponse(AbstractSAMLValidator.java:77)
at com.okta.saml.util.OktaAuthPeer.getSAMLResponse(OktaAuthPeer.java:125)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.extractUserFromSAMLAssertion(OktaJiraAuthenticator30.java:296)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.handleLoginRequest(OktaJiraAuthenticator30.java:123)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.getUser(OktaJiraAuthenticator30.java:92)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 39 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 11 filtered
at com.atlassian.jira.authenticator.okta.OktaLoginFilter.doFilter(OktaLoginFilter.java:73)
... 16 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
2020-07-29 15:36:16,027 http-nio-8080-exec-25 INFO anonymous 936x33x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=INVALID_SAML_ASSERTION
2020-07-29 15:36:16,030 http-nio-8080-exec-25 ERROR anonymous 936x33x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Error parsing SAML response: Configuration does not have a matching issuer
com.okta.saml.SAMLException: Configuration does not have a matching issuer
at com.okta.saml.SAMLResponse.validatedResponse(SAMLResponse.java:116)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:61)
at com.okta.saml.SAMLResponse.<init>(SAMLResponse.java:54)
at com.okta.saml.AbstractSAMLValidator.getSAMLResponse(AbstractSAMLValidator.java:77)
at com.okta.saml.util.OktaAuthPeer.getSAMLResponse(OktaAuthPeer.java:125)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.extractUserFromSAMLAssertion(OktaJiraAuthenticator30.java:296)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.handleLoginRequest(OktaJiraAuthenticator30.java:123)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.getUser(OktaJiraAuthenticator30.java:92)
at com.atlassian.seraph.auth.AbstractAuthenticator.getUser(AbstractAuthenticator.java:45)
at com.atlassian.jira.mobile.auth.ApplicationUserProvider.getRemoteUser(ApplicationUserProvider.java:38)
... 15 filtered
at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 39 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 11 filtered
at com.atlassian.jira.authenticator.okta.OktaLoginFilter.doFilter(OktaLoginFilter.java:73)
... 16 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
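
An added example (not part of the original post, and not Okta or Atlassian code): it groups the OktaJiraAuthenticator30 lines by request id, so the repeated stack traces collapse to the one request that failed and the error it logged. The sample lines are copied from the log above; the field layout in the regex is inferred from those lines and is an assumption.

```python
import re
from collections import Counter

# Lines copied from the log quoted above; the selection is constructed for the example.
SAMPLE_LOG = """\
2020-07-29 15:33:59,842 http-nio-8080-exec-11 INFO anonymous 933x21x2 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
2020-07-29 15:34:06,454 Caesium-1-4 INFO [c.a.jira.startup.CacheWarmerLauncher] Warmed cache(s) in 11413 ms.
2020-07-29 15:34:10,426 http-nio-8080-exec-13 INFO anonymous 934x24x1 15rmi1a 10.20.0.232 /okta_login.jsp [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=MISSING_SAML_ASSERTION
2020-07-29 15:35:32,663 http-nio-8080-exec-23 ERROR anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Error parsing SAML response: Configuration does not have a matching issuer
com.okta.saml.SAMLException: Configuration does not have a matching issuer
at com.okta.saml.SAMLResponse.validatedResponse(SAMLResponse.java:116)
2020-07-29 15:35:32,669 http-nio-8080-exec-23 INFO anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=INVALID_SAML_ASSERTION
2020-07-29 15:35:32,673 http-nio-8080-exec-23 ERROR anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Error parsing SAML response: Configuration does not have a matching issuer
2020-07-29 15:35:32,674 http-nio-8080-exec-23 INFO anonymous 935x28x1 15rmi1a 10.20.0.232 /secure/Dashboard.jspa [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=INVALID_SAML_ASSERTION
2020-07-29 15:35:33,027 http-nio-8080-exec-3 INFO anonymous 935x29x1 15rmi1a 10.20.0.232 /rest/webResources/1.0/resources [c.a.j.authenticator.okta.OktaJiraAuthenticator30] Authentication result=URL_NOT_PROTECTED
"""

# Field layout inferred from the lines above (an assumption, not a documented format):
# timestamp thread level user request-id session ip path [logger] message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (?P<thread>\S+) (?P<level>[A-Z]+) "
    r"(?P<user>\S+) (?P<req>\d+x\d+x\d+) (?P<sess>\S+) (?P<ip>\S+) (?P<path>/\S*) "
    r"\[(?P<logger>[^\]]+)\] (?P<msg>.*)$"
)
AUTH_LOGGER = "c.a.j.authenticator.okta.OktaJiraAuthenticator30"
RESULT = re.compile(r"Authentication result=(\w+)")


def triage(log_text):
    """Return (count per authentication result, requests that logged an ERROR)."""
    counts, requests = Counter(), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["logger"] != AUTH_LOGGER:
            continue  # stack frames, scheduler jobs and other loggers
        rec = requests.setdefault(m["req"], {"path": m["path"], "results": [], "errors": []})
        result = RESULT.search(m["msg"])
        if result:
            counts[result.group(1)] += 1
            rec["results"].append(result.group(1))
        elif m["level"] == "ERROR" and m["msg"] not in rec["errors"]:
            rec["errors"].append(m["msg"])  # keep each distinct message once
    failures = {rid: rec for rid, rec in requests.items() if rec["errors"]}
    return counts, failures


if __name__ == "__main__":
    counts, failures = triage(SAMPLE_LOG)
    print(dict(counts))
    for rid, rec in failures.items():
        print(rid, rec["path"], rec["results"], rec["errors"])
```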

1 answer

0 votes
Mike
Rising Star
July 29, 2020

Do you see your user in the OKTA group configured to authenticate to JIRA (within admin okta config)? 

Tomer Grega
I'm New Here
July 29, 2020

Yes, I updated the ticket with errors from the atlassian-jira log. Maybe someone could assist. Thanks.
