Hi everyone,
recently we upgraded to Jira Data Center 8.20.13 and after that some user could not login anymore. They get this message (see image: "You can not login. Please contact your admin").
It seems to occur to new users or inactive ones who tries to login again. Usually they should get the "jira-software-users" group after login but they did not. When i give them this group they still can not login. All users are though in the userdirectory and "become user" from Scriptrunner works without problem.
We are using AD+SSO but it works for everyone else fine.
The globalpermissionentry table is missing the "USE" permission. Not sure if this is normal.
After the update i did not clear the Jira cache. Should i do it?
Cheers!
I am late but thanks for you reply! @Bastian Stehmann
So i was watching this problem and it seems it kind of solved itself. But recently one user got it again.
So i only found this logs (atlassian-jira-security.log) for the user:
2023-03-16 09:39:50,335+0100 http-nio-127.0.0.1-8080-exec-129 243264 579x24335009x1 1wtkcdn 172.25.5.210,172.20.217.150,127.0.0.1 /secure/Logout!default.jspa HttpSession [1wtkcdn] destroyed for '243264'
2023-03-16 09:39:50,335+0100 http-nio-127.0.0.1-8080-exec-129 243264 579x24335009x1 1wtkcdn 172.25.5.210,172.20.217.150,127.0.0.1 /secure/Logout!default.jspa HttpSession created [1yzte6u]
2023-03-16 09:39:50,343+0100 http-nio-127.0.0.1-8080-exec-129 243264 579x24335009x1 1wtkcdn 172.25.5.210,172.20.217.150,127.0.0.1 /secure/Logout!default.jspa The user '243264' has logged out.
I recognized he was using this kind of url: .../plugins/servlet/oidc/callback?state=...
I tried it myself got the same error screen and this logs (atlassian-jira.log):
2023-03-16 09:50:04,824+0100 http-nio-127.0.0.1-8080-exec-73 ERROR 273306 590x24341281x1 b3xxiy 172.25.5.210,172.20.217.152,127.0.0.1 /plugins/servlet/oidc/callback [c.a.p.a.i.web.filter.ErrorHandlingFilter] [UUID: 417fa2fb-afec-4f4c-91c9-2ec72acf8e52] Unknown state in response
It seems like a session problem but not sure how to handle it.
ok it seems like its a problem on our end. Some (new) users are not getting listed/synchronized with our OpenID, so SSO is not working for them.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Adam Laskowski ,
Could you check the atlassian-jira.log file for the error ID? There should be some more information why the user could not log in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.