I have having issues setting up Okta SSO on my Jira standalone instance v7.1.10.
I have followed the direction on the Okta setup page. I have double checked my config files till I can't see straight. I have check file ownership and permissions, and now I am out of ideas
2017-12-23 03:05:59,759 localhost-startStop-1 ERROR [o.a.c.c.C.[Standalone].[localhost].[/]] Exception starting filter trustedapps
java.lang.RuntimeException: Could not load security config 'seraph-config.xml': Error caught in initialisation of authenticator class 'com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30': Okta Authenticator initialization FAILED: : java.lang.RuntimeException: Okta Authenticator initialization FAILED:
at com.atlassian.seraph.config.SecurityConfigFactory.loadInstance(SecurityConfigFactory.java:60)
at com.atlassian.seraph.config.SecurityConfigFactory.getInstance(SecurityConfigFactory.java:21)
at com.atlassian.security.auth.trustedapps.seraph.filter.SeraphTrustedApplicationsFilter.<init>(SeraphTrustedApplicationsFilter.java:16)
at com.atlassian.seraph.filter.TrustedApplicationsFilter.<init>(TrustedApplicationsFilter.java:17)
at com.atlassian.jira.security.auth.trustedapps.TrustedApplicationFilter.<init>(TrustedApplicationFilter.java:25)
... 3 filtered
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.lang.Class.newInstance(Class.java:442)
... 8 filtered
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.seraph.config.ConfigurationException: Error caught in initialisation of authenticator class 'com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30': Okta Authenticator initialization FAILED: : java.lang.RuntimeException: Okta Authenticator initialization FAILED:
at com.atlassian.seraph.config.SecurityConfigImpl.configureClass(SecurityConfigImpl.java:345)
at com.atlassian.seraph.config.SecurityConfigImpl.configureAuthenticator(SecurityConfigImpl.java:258)
at com.atlassian.seraph.config.SecurityConfigImpl.<init>(SecurityConfigImpl.java:194)
at com.atlassian.seraph.config.SecurityConfigFactory.loadInstance(SecurityConfigFactory.java:56)
... 21 more
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.init(OktaJiraAuthenticator30.java:65)
at com.atlassian.seraph.config.SecurityConfigImpl.configureClass(SecurityConfigImpl.java:337)
... 24 more
Caused by: java.lang.NullPointerException
at java.io.File.<init>(File.java:277)
at com.okta.saml.util.OktaAuthPeer.readFile(OktaAuthPeer.java:89)
at com.okta.saml.util.OktaAuthPeer.init(OktaAuthPeer.java:51)
at com.okta.saml.util.OktaAuthPeer.<init>(OktaAuthPeer.java:40)
at com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30.init(OktaJiraAuthenticator30.java:62)
This section of the error makes me think that the config file name is not being passed.
Caused by: java.lang.NullPointerException
at java.io.File.<init>(File.java:277)
Anyone have any ideas on how to troubleshoot? Am I chasing the wrong thing? Any other pointers or suggestions welcome.
Thanks in advance.
Hi @Ryan Lucas
Did you check the following post? https://community.atlassian.com/t5/Jira-questions/Issue-trying-integrate-Okta-with-our-JIRA/qaq-p/137615
Your issue seems to be very similar.
Looks like Seraph cannot find your okta-config-jira.xml file. According to that post, you can pass the full path of the file as an init parameter (okta.config.file) in Okta's authenticator element in seraph-config.xml. My understanding is that by default Seraph seems to expect to find the file in the atlassian-jira folder.
Hope this helps.
I did find that post but it seems my issue is different somehow. I have the config file located in the atlassian-Jira folder and the full path is defined. It’s like the value isn’t being respected. I even tried removing the full path. Also If I change the value of of the config file parameter to a dummy value the error doesn’t change.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Have you tried reaching out to Okta?
Alternatively you can try with the same settings using our add-on, and perhaps you get enough clues to make things right.
https://marketplace.atlassian.com/search?query=kantega
(l work for the vendor Kantega Single Sign-on)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.