Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Why do urls that link to specific issues or pages in Jira redirect to dashboard after sso? Edited

In our instance of Jira Server (and when unauthenticated), links to specific target URLs such as:

https://jira.company.com/browse/Issue-Number-One 

redirects users to:

https://jira.company.com/secure/Dashboard.jspa 

after authenticating with SSO.

This seems really dumb... shouldn't the user be redirected back to the originally requested URL?  Hopefully, I simply have something misconfigured, but I wasn't able to find anything in searches.  I'm using Okta for authentication via SAML 2.0 integration.  It's easy enough to just click the original URL again or copy-paste-enter, but it's maddening to my user environment.

FYI - We're running 8.6.0.

 

Any ideas?

4 answers

What app are you using on the Jira Server side?

Jira Server itself doesn't do SAML, you would need a 3rd party app to integrate while JIRA Data Center has an app from Atlassian to do this.

The app is responsible for the redirects once the response from the IdP arrives, though certainly if Okta doesn't send the RelayState due to misconfiguration then there is nothing the app can do. The app is also responsible for sending the RelayState value to Okta in the SP-initiated SSO case.

If the redirects are not happening it is most likely that the app is not doing what it should. You can check if the RelayState is present using in the browser Developer Tools on the network tab, by examining headers/parameters being sent by Okta back to Jira Server.

There are multiple SAML apps for Jira Server on Atlassian Marketplace, all of them superior to "default" OKTA way. Obviously, "superior" is an opinion, and I work for Techtime, an Atlassian Marketplace Top Vendor and vendor of EasySSO app for Server and Data Center. 

We target complex environments where there may be a need for additional authenticators – besides SAML, we provide 4 more: NTLM, Kerberos, HTTP Headers and X.509.

Thanks for the response, we're using Jira Server version.

John Funk Community Leader Jan 08, 2020

Sorry - not sure what the equivalent for server is then or if it even exists. :-(

0 votes
Steven Behnke Community Leader Jan 08, 2020

How are you integrating SSO? This is entirely dependent on how you use SSO and configured it.

In a TYPICAL SSO environment, you will be directed to the SSO server with information about WHERE you come from. Then when you come back from the SSO service, you are directed to the right place. 

For instance:

I use the SAML module mod_auth_mellon for Apach2. When you click "sign in", you are directed to and endpoint like @get /mellon/login?returnTo=%2Fpages%2Fviewpage.action%3FspaceKey%3DIT%26title%%2BPlanning

This information is leveraged by ADFS and directs you accordingly, because we configured it to.

I configured SSO via Okta's standard SAML 2.0 implementation steps.  The last piece, being directed to the right place after successful SSO, is not happening.  It's just dumping all new SSO sessions to the dashboard instead of the returnTo you mention above.  Having read your implementation, I expect that I'm just missing that piece of configuration that conveys a relaystate so Jira knows where to send the user after being redirected from the SSO endpoint.

We're also facing the problem. Is this something that needs to be fixed at SSO level or more of a Jira setting?

It's either on IdP level, where IdP ignores what the SSO app sends to it, or on the app level (most likely) - so all depends on what app you are using?

We're using Okta for SSO. 

If you mean you are using OKTA's provided app inside your Jira Server, I believe it's OKTA's app problem.

I don't think there are any updates on Okta part,

I found this link to their documentation which is pretty different from what they usually provide as a guide for integration with Jira.

This might be a solution to what is happening with RelayState and its value being lost at the first login attempt.

Did you guys had a chance to test this?

Thanks

Any progress on this ?

I don't think OKTA app has changed since January, so I guess, no?

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Software

How to create Jira issus from Excel file?

When to use CSV importer When managing your processes in Jira, there are many occasions where you need to create a lot of tasks. Creating them one by one will cost you a lot of time and effort and i...

4,308 views 22 31
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you