Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Okta SSO: Jira redirect to a weird URL if not already logged in Okta

I recently put Jira behind Okta SSO and some users complain and I was able to reproduce, when a user is not signed in to Okta, or timed out from Okta and he click on a Jira ticket link, it will not rediect back to Okta's sign-in page.  Instead, it redirect to a URL like the one below and error out:

I tried to type in the base URL, I got redirected to a similar URL like the one above instead of redirect to the Okta singin page:

Any one run into this situation?



Yes, we are dealing with the same situation. Have you been able to fix the issue?

[update] We did speak with a Okta Support rep and we where able to get this working.

Get the instructions for your version of installing and configuring Okta for JIRA from the Chiclet and re-configure JIRA. There are some things that aren't explained very well. In the login.jsp, there is the <%@ %> stuff at the beginning, you are supposed to overwrite those values with the ones supplied. And the rule for the urlrewrite are to Replace the existing rules in the file. So only one rule should be there.

The last is passing of the usernames correctly into JIRA. Our JIRA is setup to use the beginning of a users email account (kevinlynch from Okta was configured incorrectly and was sending the entire email for authentication and thus not failing the logins.

Go to the Okta Admin panel, click Directory at the top and choose 'Profile Editor'. Click on Mappings for the JIRA chiclet profile. Choose Okta to JIRA. Now at the bottom, type the username used to sign in to okta. You will see right above your typing, the user. Click on it. Now it will show on the right, the login value that is being passed to JIRA.

To fix it so that our logins where not trying to put the full email but rather the username at the beginning of the email, enter the following
String.substringBefore(, "@")
We also had to use the drop down to the right to change the yellow arrow to Green (Apply mapping on user create and update)

Once these steps where done, we could successfully login with Okta.

NOTE: The only url that would not work directly is the dashboard (because of the login gadget). We chose not to worry about this single url, because the main url and all other links (Issue links, etc.) worked correctly to kick back to okta or allow authentication.

To disable the dashboard login gadget, use

Step 5 in the first section should read:
5. Change the value of <admin-editable>false</admin-editable> to <admin-editable>true</admin-editable>

No. I contacted Jira they said its Okta's issue and Okta said its was an Jira issue.  Turned out I had to upgrade Jira to the latest version and get rid of Okta's SSO connector for Jira and use MiniOrange for Jira instead.  I think your best bet is to use other SAML tools like MiniOrange for Jira.

Christian Reichert _resolution_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Feb 21, 2018

Hi @zuora-hlau@Kevin Lynch,

I can only confirm your direction, going another third-party plugin. We've had many customers coming on-board with us since they experienced Issues with the Okta SSO connectors over the Years.

There are many plugins to choose from, ranging from free one's to paid ones like ours.

This Marketplace Search should give a reasonable overview:


Full disclosure, I work for a marketplace vendor.

Where you guys able to fix this issue?


Log in or Sign up to comment
AUG Leaders

Atlassian Community Events