How to set JIT provisioning in the JIRA service desk

Mengyuan He
April 12, 2024

Hi, we ran into a problem with the JIT settings with Azure AD: the attributes we set in the JIT provisioning could not be found.

The following is the log we see when we try to log in with JIT enabled. It reports that the attribute could not be found. We also tried the full URL, like ${"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"}, but it doesn't work.

We are wondering which attribute name we should use for the setting. Could you provide any advice on this?

Recipient="https://xxxx/plugins/servlet/samlconsumer"/></SubjectConfirmation></Subject><Conditions NotBefore="2024-04-12T07:33:24.609Z" NotOnOrAfter="2024-04-12T08:38:24.609Z"><AudienceRestriction><Audience>https://xxxxxx</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>xxxx</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><AttributeValue>xxxx</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider"><AttributeValue>https://sts.windows.net/xxxx/</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue><AttributeValue>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509</AttributeValue><AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><AttributeValue>xxxx</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>xxxx</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><AttributeValue>xxxx@xxxx.com</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Name"><AttributeValue>xxxx</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2024-04-12T04:20:36.090Z" SessionIndex="_e29090f9-2a30-4428-a933-df049d141500"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></samlp:Response>
2024-04-12 07:38:25,258+0000 http-nio-8080-exec-20 DEBUG anonymous 458x5992x1 1bayh07 10.217.201.80 /plugins/servlet/samlconsumer [c.o.saml2.authn.SamlResponse] SAMLResponse has NameID --> xxxx@xxxx.com
2024-04-12 07:38:25,259+0000 http-nio-8080-exec-20 DEBUG anonymous 458x5992x1 1bayh07 10.217.201.80 /plugins/servlet/samlconsumer [c.o.saml2.authn.SamlResponse] SAMLResponse has NameID Format --> urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2024-04-12 07:38:25,259+0000 http-nio-8080-exec-20 DEBUG anonymous 458x5992x1 1bayh07 10.217.201.80 /plugins/servlet/samlconsumer [c.o.saml2.authn.SamlResponse] SAMLResponse has attributes: {http://schemas.microsoft.com/identity/claims/tenantid=[3f0bdd77-1711-49bc-9b8c-6f2ba3e1c085], http://schemas.microsoft.com/identity/claims/identityprovider=[https://sts.windows.net/3f0bdd77-1711-49bc-9b8c-6f2ba3e1c085/], http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Name=[xxxx], http://schemas.microsoft.com/identity/claims/objectidentifier=[xxxx], http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname=[xxxx], http://schemas.microsoft.com/claims/authnmethodsreferences=[http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password, http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509, http://schemas.microsoft.com/claims/multipleauthn], http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname=[xxxx], http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=[xxxx.com]}
2024-04-12 07:38:25,261+0000 http-nio-8080-exec-20 DEBUG anonymous 458x5992x1 1bayh07 10.217.201.80 /plugins/servlet/samlconsumer [c.onelogin.saml2.Auth] processResponse success --> XXXXXXXXX
2024-04-12 07:38:25,268+0000 http-nio-8080-exec-20 ERROR anonymous 458x5992x1 1bayh07 10.217.201.80 /plugins/servlet/samlconsumer [c.a.p.a.i.w.u.i.jit.mapping.SamlUserDataFromIdpMapper] Could not find givenname in the SAML response, it could mean that there is misconfiguration
2024-04-12 07:38:25,268+0000 http-nio-8080-exec-20 ERROR anonymous 458x5992x1 1bayh07 10.217.201.80 /plugins/servlet/samlconsumer [c.a.p.a.i.web.filter.ErrorHandlingFilter] [UUID: d9f1f911-2d3d-42be-bdb4-6b63e54643ea] Attribute [givenname] could not be found
com.atlassian.plugins.authentication.impl.web.usercontext.impl.jit.JitException: Attribute [givenname] could not be found
at com.atlassian.plugins.authentication.impl.web.usercontext.impl.jit.mapping.SamlUserDataFromIdpMapper.extractAttribute(SamlUserDataFromIdpMapper.java:42)


1 answer

0 votes
Ivan Lima
April 12, 2024

Welcome to the Atlassian Community.

I would start by comparing the attribute mappings in your Atlassian application to ensure they match exactly with the attribute names sent from Azure AD, including the namespace URI, and that the "givenname" attribute is correctly configured to be sent. The following KB can help you to review the parameters.
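
An added example (not part of either post above, and not Atlassian's code): a check of the kind the answer describes, comparing each mapped name byte-for-byte against the Attribute Name values in the response and listing near misses. The `mapping` dict and its field names are hypothetical, and the sample statement is constructed from the attribute names in the log, with made-up values.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample: attribute names as they appear in the log, values invented.
# For a response captured from a real IdP, parse with a hardened XML parser.
SAMPLE_STATEMENT = f"""
<AttributeStatement xmlns="{ASSERTION_NS}">
  <Attribute Name="{CLAIMS}givenname"><AttributeValue>Ada</AttributeValue></Attribute>
  <Attribute Name="{CLAIMS}surname"><AttributeValue>Example</AttributeValue></Attribute>
  <Attribute Name="{CLAIMS}emailaddress"><AttributeValue>ada@example.com</AttributeValue></Attribute>
  <Attribute Name="{CLAIMS}Name"><AttributeValue>ada</AttributeValue></Attribute>
</AttributeStatement>
"""


def attribute_names(statement_xml):
    """Return the Name of every saml:Attribute in the statement, in order."""
    root = ET.fromstring(statement_xml)
    return [a.get("Name") for a in root.iter(f"{{{ASSERTION_NS}}}Attribute")]


def check_mapping(mapping, sent_names):
    """Map each field to ("ok" | "missing", candidates).

    A name is "ok" only on an exact, case-sensitive match. For a miss, the
    candidates are sent attributes whose last path segment matches when case
    is ignored: a short name given instead of the full URI, or a case slip.
    """
    report = {}
    for field, wanted in mapping.items():
        if wanted in sent_names:
            report[field] = ("ok", [wanted])
            continue
        short = wanted.rsplit("/", 1)[-1].lower()
        near = [n for n in sent_names if n.rsplit("/", 1)[-1].lower() == short]
        report[field] = ("missing", near)
    return report


if __name__ == "__main__":
    # Hypothetical mapping: short name, exact URI, wrong case, attribute not sent.
    mapping = {"first_name": "givenname", "last_name": CLAIMS + "surname",
               "username": CLAIMS + "name", "groups": "groups"}
    for field, (status, near) in check_mapping(
            mapping, attribute_names(SAMPLE_STATEMENT)).items():
        print(f"{field:<10} {status:<8} {near}")
```

A "missing" row with one candidate points at a naming mismatch in the mapping; a "missing" row with no candidates means the IdP is not sending that claim at all.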
