
OpenID - "Oops - an error has occurred"

Daniel April 27, 2021

I'm trying to set up OID with Amazon Cognito. I set up everything as needed, but when I open Confluence and log in with the SSO details, I get the following error:

Cause

java.lang.NullPointerException
    at com.atlassian.plugins.authentication.impl.web.oidc.OidcConsumerServlet.doGet(OidcConsumerServlet.java:114)

Googling around, I found some similar errors but their solutions didn't apply to my case, at least not as far as I know.

Any help would be appreciated :)

2 answers

2 accepted

0 votes
Answer accepted
Danny Rehelis April 27, 2021

Hey @Thiago Masutti

Just wanted to drop in and update that we've managed to overcome this.

What if you create the same user in the Confluence internal directory, disable JIT provisioning and try the authentication?

This definitely worked.

JIT user provisioning failed for us due to the fact that, in the local user Cognito pool we were testing with, users were not part of any group. Once a group was created and populated with users, JIT provisioning worked and we've managed to log in!

Thanks a bunch for the help!

Kourtney Barnes June 9, 2021

Hey @Danny Rehelis, I'm having this exact same issue. For the group field, what value are you putting there?

I'm getting 

We can't log you in right now

Please contact your administrator.

Technical details

Could you tell me what values you are putting for the JIT fields? Below is what I have set up.

Display Name :: ${given_name} ${family_name}

Email :: ${email}

Groups :: cognito:groups

JIT Scopes :: profile email
Danny Rehelis June 9, 2021

Hey @Kourtney Barnes, on our setup, `JIT scopes` is left empty.

I'd suggest enabling stack trace information in the error pages to understand what is behind that `Technical details` error.

https://confluence.atlassian.com/enterprise/saml-single-sign-on-for-atlassian-data-center-applications-857050705.html#SAMLsinglesign-onforAtlassianDataCenterapplications-authenticationscreen

(at the very bottom)

0 votes
Answer accepted
Thiago Masutti
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 27, 2021

Hi @Daniel
Welcome to the Atlassian Community.

If you check the application logs you may have an error related to this issue, together with a stack trace.

Could you please paste that here?

Kind regards,
Thiago Masutti

Thiago Masutti
Atlassian Team
April 27, 2021

Can you paste a screenshot of the OIDC configuration in Confluence?
You may redact some information if needed.

Daniel April 27, 2021

Sure thing @Thiago Masutti 

SBXgR9L

Thiago Masutti
Atlassian Team
April 27, 2021

Thanks @Daniel 

On Username mapping you need to use ${sub} instead of just sub.
See if that works.

Have you manually added any information on the Additional settings section?
Have you faced any error when using the automatic configuration?

If so, check if you have access to your Amazon Cognito tenant from the Confluence server.
Maybe running the following command will help with ensuring network connection is possible from the server.

telnet <your-tenant>.amazoncognito.com 443

Let us know the results.

Kind regards,
Thiago Masutti

Daniel April 27, 2021

I tried ${sub} before I used sub, that didn't change anything.

I manually added the information in additional settings because it couldn't recognize those automatically. I opened a thread about it earlier actually but thought it might be resolved thanks to editing everything manually. 

443 port seems to be open:

[ec2-user@confluence ~]$ nc -zv URL.auth.eu-west-1.amazoncognito.com 443
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to IP:443.
Ncat: 0 bytes sent, 0 bytes received in 0.02 seconds.

 

Thiago Masutti
Atlassian Team
April 27, 2021

Just added a comment on the other thread and it should fix this problem as well.

Daniel April 27, 2021

@Thiago Masutti Thank you! Now it can fetch the info automatically, but I'm facing a new issue when I'm logging in.

 

I created a local user in my Cognito pool and when I log in, I get the following error:

We can't log you in right now

Please contact your administrator.

Technical details

And here's a long list of errors: com.atlassian.plugins.authentication.impl.web.usercontext.impl.jit.JitException - Pastebin.com

Thiago Masutti
Atlassian Team
April 27, 2021

That's great, @Daniel 

That issue is related to the JIT user provisioning feature.

What if you create the same user in the Confluence internal directory, disable JIT provisioning and try the authentication?

Note that you are using OIDC sub as the username mapping, so that should be the username in Confluence as well.

With this we will at least guarantee the authentication flow is working fine and then focus on JIT.

Kind regards,
Thiago Masutti
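
An added example, not code from this thread or from Atlassian: a pre-flight check that decodes an ID token and reports which JIT mapping fields it cannot populate, covering both issues discussed above (a bare `sub` instead of `${sub}`, and a user with no `cognito:groups` claim). It assumes Confluence fills `${name}` placeholders from ID-token claims and reads groups from the named claim; the function names and the sample user are hypothetical, and the token signature is not verified because this is a diagnostic only.

```python
import base64
import json
import re

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_mapping(claims, mapping, groups_claim):
    """Return {field: problem} for every field the token cannot populate."""
    problems = {}
    for field, expr in mapping.items():
        names = PLACEHOLDER.findall(expr)
        if not names:  # e.g. "sub" written instead of "${sub}"
            problems[field] = "no ${...} placeholder in " + repr(expr)
            continue
        absent = [n for n in names if claims.get(n) in (None, "")]
        if absent:
            problems[field] = "missing claims: " + ", ".join(absent)
    if not claims.get(groups_claim):  # claim absent or an empty list
        problems["groups"] = "missing claims: " + groups_claim
    return problems

def sample_token(claims):
    """Build an unsigned, constructed token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])

# Field values as posted in the thread; the user data is constructed.
MAPPING = {"username": "${sub}",
           "display_name": "${given_name} ${family_name}",
           "email": "${email}"}
GROUPS_CLAIM = "cognito:groups"
USER = {"sub": "00000000-sample", "given_name": "Ada",
        "family_name": "Example", "email": "ada@example.com"}

NO_GROUP = sample_token(USER)  # user not in any group
IN_GROUP = sample_token({**USER, "cognito:groups": ["confluence-users"]})

if __name__ == "__main__":
    for label, tok in (("no group", NO_GROUP), ("in group", IN_GROUP)):
        print(label, check_mapping(jwt_claims(tok), MAPPING, GROUPS_CLAIM))
```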
