Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,364,818
Community Members
 
Community Events
168
Community Groups

Using SSOSAML with WAP and ELB

I was able to get the re:Solution SSOSAML plugin to work with our ADFS, an AWS ELB [Elastic Load Balancer], and Jira [Jira, Confluence, and Jira Service Desk].

However, when we introduced the WAP reverse proxy for extra security, SSOSAML no longer worked.  No log files or debug sessions showed the reason.

One way around it was to disable HTTP/2.0 on the WAP.

Another was to disable HTTP/2.0 on the ELB.

I tried changing the application server's server.xml file from HTTP/1.1 to 2.0 but it wouldn't work.

I would have thought that if HTTP/2.0 didn't work, the handshake would down-select to 1.1 but that was obviously not happening.

I hope this helps someone who runs into this in the future; I spent about a month tearing my hair out before the WAP guy suggested looking at HTTP [I noticed that some logs mentioned 1.1 and others mentioned 2.0 but I didn't follow-up on that observation].

1 answer

1 accepted

0 votes
Answer accepted

I am sure @Christian Reichert _resolution_ will want to respond to this if not already (since you mention trying to combat the issue for a month)

when we introduced the WAP reverse proxy for extra security, SSOSAML no longer worked.  No log files or debug sessions showed the reason.

How exactly did this manifest itself?

Full disclosure, I am asking as a competitor, it'd be foolish not to learn from this.

The session would stop at

https://{JSD-server}/plugins/servlet/samlsso?redirectTo=%2F

 

The error message displayed:

An error occurred during a connection to {JSD-server}.

 

   The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

 

Turning on debug mode in the web browser did not yield any additional useful info.

 

A transaction that did not involve the WAP kept going past the above statement but nothing jumped out that suggested it was an HTTP version issue.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events