It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Okta SSO: Jira redirect to a weird URL if not already logged in Okta

I recently put Jira behind Okta SSO and some users complain and I was able to reproduce, when a user is not signed in to Okta, or timed out from Okta and he click on a Jira ticket link, it will not rediect back to Okta's sign-in page.  Instead, it redirect to a URL like the one below and error out:

https://xyzcompany.com/login.jsp?os_destination=https://xyzcompany.com/jira/browse/CMC-19055

I tried to type in the base URL https://xyzcompany.com/jira, I got redirected to a similar URL like the one above instead of redirect to the Okta singin page:

https://xyzcompany.com/login.jsp?os_destination=https://xyzcompany.com/jira/secure/MyJiraHome.jspa

Any one run into this situation?

thanks

1 comment

Yes, we are dealing with the same situation. Have you been able to fix the issue?

[update] We did speak with a Okta Support rep and we where able to get this working.

Get the instructions for your version of installing and configuring Okta for JIRA from the Chiclet and re-configure JIRA. There are some things that aren't explained very well. In the login.jsp, there is the <%@ %> stuff at the beginning, you are supposed to overwrite those values with the ones supplied. And the rule for the urlrewrite are to Replace the existing rules in the file. So only one rule should be there.

The last is passing of the usernames correctly into JIRA. Our JIRA is setup to use the beginning of a users email account (kevinlynch from kevinlynch@domain.com). Okta was configured incorrectly and was sending the entire email for authentication and thus not failing the logins.

Go to the Okta Admin panel, click Directory at the top and choose 'Profile Editor'. Click on Mappings for the JIRA chiclet profile. Choose Okta to JIRA. Now at the bottom, type the username used to sign in to okta. You will see right above your typing, the user. Click on it. Now it will show on the right, the login value that is being passed to JIRA.

To fix it so that our logins where not trying to put the full email but rather the username at the beginning of the email, enter the following
String.substringBefore(user.email, "@")
We also had to use the drop down to the right to change the yellow arrow to Green (Apply mapping on user create and update)

Once these steps where done, we could successfully login with Okta.

NOTE: The only url that would not work directly is the dashboard (because of the login gadget). We chose not to worry about this single url, because the main url and all other links (Issue links, etc.) worked correctly to kick back to okta or allow authentication.

To disable the dashboard login gadget, use https://confluence.atlassian.com/jirakb/howto-hide-the-login-gadget-from-the-system-dashboard-in-jira-6-4-7-790795313.html

Step 5 in the first section should read:
5. Change the value of <admin-editable>false</admin-editable> to <admin-editable>true</admin-editable>

No. I contacted Jira they said its Okta's issue and Okta said its was an Jira issue.  Turned out I had to upgrade Jira to the latest version and get rid of Okta's SSO connector for Jira and use MiniOrange for Jira instead.  I think your best bet is to use other SAML tools like MiniOrange for Jira.

Hi @zuora-hlau@Kevin Lynch,

I can only confirm your direction, going another third-party plugin. We've had many customers coming on-board with us since they experienced Issues with the Okta SSO connectors over the Years.

There are many plugins to choose from, ranging from free one's to paid ones like ours.

This Marketplace Search should give a reasonable overview: https://marketplace.atlassian.com/search?query=saml


Cheers,
  Christian

Full disclosure, I work for a marketplace vendor.

Comment

Log in or Sign up to comment
Community showcase
Posted in Jira

Calling all Jira Cloud users! Give us feedback on our exploration of a new navigation.

Hi everyone! My name’s Matt and I’m a product manager at Atlassian. I work in the navigation & findability space for all our Jira Cloud products. We’ve been working on trying to improve the exp...

1,246 views 20 13
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you