Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

I broke SSO and ssl on the site during upgrade to 7.6.1

JiraYo
JiraYo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 12, 2017

Ok so i was running 7.5.2 version and everything was working fine. The site told me it needed to update to 7.6.1. So i downloaded the installer, made a backup of the database and proceeded with the install. Immediately after the install, it prompts you to check out the plugins for updates. I did this and two plugins needed to be updated.

 

however i then tried to login to the site and i just get a blank page at the URL https://jira.DOMAIN.COM/plugins/servlet/samlsso?redirectTo=%2F

 

i was using a single sign on plugin, however it did not say that it needed an update. I rebooted the server and still nothing. We are just testing the system now, so its no big deal that its down for a bit, however i need to know 1) what i did wrong and 2) how do i fix this?

 

is there some way to load the site without the offending plugin? I checked the logs and besides some java errors nothing jumps out.

 

I thought these updates were a bit more turnkey than this. oh well. is there some kind of failsafe mode that i can get into the backend with? i did create local logins before enabling single sign on.

Answer
Watch
Like Be the first to like this
1266 views

3 answers

1 accepted

0 votes
Answer accepted
JiraYo
JiraYo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 13, 2017

Due to having SSL enabled (come on jira, who doesnt now a days) i needed to manually (!!!) edit xml files to get this to work.

being very careful this time about reading all prompts, i noticed at the last message before you reactivate the server it says that "server.xml has been modified and cant be upgraded". And sure enough if you diff the backup version to the live version, they have reset your "connector" (line 53 in new server.xml). Had to replace with my line 170 from the old server XML file.

Why the upgrade does not cover this should rightly be a bug. Why would you not migrate the connector setting that makes the whole website work!!

 

You also have to manually copy back jira.jks from backup. Wow. Definitely not a turn key upgrade. Having SSL enabled should not be a "custom code" type situation in my opinion....

 

oh and the path is here "c:\Program Files\Atlassian\JIRA\conf\server.xml"

Reply
0 votes
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 13, 2017

Hi @JiraYo,

I agree with you by now there should be better handling of a SSL enabled instance. As it isn't really the exception anymore.

Usually the server.xml doesn't change from version to version - so it's mostly a matter of copying your keystone & your server.xml before the upgrade. Do the upgrade, look at the diffs (if there were any server.xml changes) and then copy back your saved versions & restart Jira.

You are also using our SAML Single Sign On Plugin (thanks!), so let me give you some more plugin specific tips.

 

1) If you run into startup Issues you can in the newest Jira versions, disable all or specific plugins via command line parameter.

To diable our plugin this would look like

Jira

Linux:

<installation-directory>/bin/start-jira.sh --disable-addons=com.resolution.atlasplugins.samlsso.Jira:com.resolution.samlwrapper-plugin

Windows:

<installation-directory>/bin/start-jira.bat /disableaddons=com.resolution.atlasplugins.samlsso.Jira:com.resolution.samlwrapper-plugin

More info's on our KB article, as well as more generalistic on the one from Atlassian here

2) Bypassing SSO to login with local account

If you need to bypass the SSO Login Process to login with a local Username you can do this by appending ?nosso to the product's normal Login URL. In your case, Jira, this would look like:

https://<jira-baseurl>/login.jsp?nosso

More info's in our KB article.

3) Contact our support ...

I monitor this Forum out of interest & hence answer Questions where I can. But there is no real SLA to that.

If you run into trouble with our plugin specifically, the quickest Way to get help is to contact our dedicated support via: https://resolution.de/go/support

Hope your upgrade tonight goes better!

All the best,

Christian

View More Comments
JiraYo
JiraYo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 14, 2017

thanks chris. All good info to add.

 

i prefer forums over dedicated support channels as then everyone can benefit from the answer. I also deal with a lot of companies who simply have no tech support or only pay support (cisco, microsoft) so i always will go to forums first. But i will keep in mind, thanks.

Like
Reply
0 votes
JiraYo
JiraYo
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 13, 2017

had to restore from backup and will try upgrade again today with plugins in safe mode this time. I figured out that the plugins are stored in c:\Program Files\Atlassian\Application Data\JIRA\plugins\installed-plugins

 

but moving out those sso plugins just gave me another error about not being able to communicate securely with the server.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events