In our instance of Jira Server (and when unauthenticated), links to specific target URLs such as:
redirects users to:
after authenticating with SSO.
This seems really dumb... shouldn't the user be redirected back to the originally requested URL? Hopefully, I simply have something misconfigured, but I wasn't able to find anything in searches. I'm using Okta for authentication via SAML 2.0 integration. It's easy enough to just click the original URL again or copy-paste-enter, but it's maddening to my user environment.
FYI - We're running 8.6.0.
What app are you using on the Jira Server side?
Jira Server itself doesn't do SAML, you would need a 3rd party app to integrate while JIRA Data Center has an app from Atlassian to do this.
The app is responsible for the redirects once the response from the IdP arrives, though certainly if Okta doesn't send the RelayState due to misconfiguration then there is nothing the app can do. The app is also responsible for sending the RelayState value to Okta in the SP-initiated SSO case.
If the redirects are not happening it is most likely that the app is not doing what it should. You can check if the RelayState is present using in the browser Developer Tools on the network tab, by examining headers/parameters being sent by Okta back to Jira Server.
There are multiple SAML apps for Jira Server on Atlassian Marketplace, all of them superior to "default" OKTA way. Obviously, "superior" is an opinion, and I work for Techtime, an Atlassian Marketplace Top Vendor and vendor of EasySSO app for Server and Data Center.
We target complex environments where there may be a need for additional authenticators – besides SAML, we provide 4 more: NTLM, Kerberos, HTTP Headers and X.509.
How are you integrating SSO? This is entirely dependent on how you use SSO and configured it.
In a TYPICAL SSO environment, you will be directed to the SSO server with information about WHERE you come from. Then when you come back from the SSO service, you are directed to the right place.
I use the SAML module mod_auth_mellon for Apach2. When you click "sign in", you are directed to and endpoint like @get /mellon/login?returnTo=%2Fpages%2Fviewpage.action%3FspaceKey%3DIT%26title%%2BPlanning
This information is leveraged by ADFS and directs you accordingly, because we configured it to.
I configured SSO via Okta's standard SAML 2.0 implementation steps. The last piece, being directed to the right place after successful SSO, is not happening. It's just dumping all new SSO sessions to the dashboard instead of the returnTo you mention above. Having read your implementation, I expect that I'm just missing that piece of configuration that conveys a relaystate so Jira knows where to send the user after being redirected from the SSO endpoint.
I don't think there are any updates on Okta part,
I found this link to their documentation which is pretty different from what they usually provide as a guide for integration with Jira.
This might be a solution to what is happening with RelayState and its value being lost at the first login attempt.
Did you guys had a chance to test this?
When to use CSV importer When managing your processes in Jira, there are many occasions where you need to create a lot of tasks. Creating them one by one will cost you a lot of time and effort and i...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events