Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Problem: Some user can not login even with permission

Adam Laskowski December 19, 2022

Hi everyone,

recently we upgraded to Jira Data Center 8.20.13 and after that some user could not login anymore. They get this message (see image: "You can not login. Please contact your admin").

It seems to occur to new users or inactive ones who tries to login again. Usually they should get the "jira-software-users" group after login but they did not. When i give them this group they still can not login. All users are though in the userdirectory and "become user" from Scriptrunner works without problem.

We are using AD+SSO but it works for everyone else fine.

The globalpermissionentry table is missing the "USE" permission. Not sure if this is normal. 

After the update i did not clear the Jira cache. Should i do it? 

Cheers!

errorLogin.png

2 answers

1 accepted

0 votes
Answer accepted
Adam Laskowski March 16, 2023

I am late but thanks for you reply! @Bastian Stehmann 

So i was watching this problem and it seems it kind of solved itself. But recently one user got it again. 

So i only found this logs (atlassian-jira-security.log) for the user:

2023-03-16 09:39:50,335+0100 http-nio-127.0.0.1-8080-exec-129 243264 579x24335009x1 1wtkcdn 172.25.5.210,172.20.217.150,127.0.0.1 /secure/Logout!default.jspa HttpSession [1wtkcdn] destroyed for '243264' 
2023-03-16 09:39:50,335+0100 http-nio-127.0.0.1-8080-exec-129 243264 579x24335009x1 1wtkcdn 172.25.5.210,172.20.217.150,127.0.0.1 /secure/Logout!default.jspa HttpSession created [1yzte6u]
2023-03-16 09:39:50,343+0100 http-nio-127.0.0.1-8080-exec-129 243264 579x24335009x1 1wtkcdn 172.25.5.210,172.20.217.150,127.0.0.1 /secure/Logout!default.jspa The user '243264' has logged out.

 I recognized he was using this kind of url: .../plugins/servlet/oidc/callback?state=...

I tried it myself got the same error screen and this logs (atlassian-jira.log):

2023-03-16 09:50:04,824+0100 http-nio-127.0.0.1-8080-exec-73 ERROR 273306 590x24341281x1 b3xxiy 172.25.5.210,172.20.217.152,127.0.0.1 /plugins/servlet/oidc/callback [c.a.p.a.i.web.filter.ErrorHandlingFilter] [UUID: 417fa2fb-afec-4f4c-91c9-2ec72acf8e52] Unknown state in response

 It seems like a session problem but not sure how to handle it.

Adam Laskowski March 22, 2023

ok it seems like its a problem on our end. Some (new) users are not getting listed/synchronized with our OpenID, so SSO is not working for them.

0 votes
Bastian Stehmann
Community Champion
January 10, 2023

Hi @Adam Laskowski ,

Could you check the atlassian-jira.log file for the error ID? There should be some more information why the user could not log in.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
8.20.13
TAGS
AUG Leaders

Atlassian Community Events