I broke SSO and ssl on the site during upgrade to 7.6.1 Edited

Ok so i was running 7.5.2 version and everything was working fine. The site told me it needed to update to 7.6.1. So i downloaded the installer, made a backup of the database and proceeded with the install. Immediately after the install, it prompts you to check out the plugins for updates. I did this and two plugins needed to be updated.

 

however i then tried to login to the site and i just get a blank page at the URL https://jira.DOMAIN.COM/plugins/servlet/samlsso?redirectTo=%2F

 

i was using a single sign on plugin, however it did not say that it needed an update. I rebooted the server and still nothing. We are just testing the system now, so its no big deal that its down for a bit, however i need to know 1) what i did wrong and 2) how do i fix this?

 

is there some way to load the site without the offending plugin? I checked the logs and besides some java errors nothing jumps out.

 

I thought these updates were a bit more turnkey than this. oh well. is there some kind of failsafe mode that i can get into the backend with? i did create local logins before enabling single sign on.

3 answers

1 accepted

Due to having SSL enabled (come on jira, who doesnt now a days) i needed to manually (!!!) edit xml files to get this to work.

being very careful this time about reading all prompts, i noticed at the last message before you reactivate the server it says that "server.xml has been modified and cant be upgraded". And sure enough if you diff the backup version to the live version, they have reset your "connector" (line 53 in new server.xml). Had to replace with my line 170 from the old server XML file.

Why the upgrade does not cover this should rightly be a bug. Why would you not migrate the connector setting that makes the whole website work!!

 

You also have to manually copy back jira.jks from backup. Wow. Definitely not a turn key upgrade. Having SSL enabled should not be a "custom code" type situation in my opinion....

 

oh and the path is here "c:\Program Files\Atlassian\JIRA\conf\server.xml"

had to restore from backup and will try upgrade again today with plugins in safe mode this time. I figured out that the plugins are stored in c:\Program Files\Atlassian\Application Data\JIRA\plugins\installed-plugins

 

but moving out those sso plugins just gave me another error about not being able to communicate securely with the server.

Hi @JiraYO,

I agree with you by now there should be better handling of a SSL enabled instance. As it isn't really the exception anymore.

Usually the server.xml doesn't change from version to version - so it's mostly a matter of copying your keystone & your server.xml before the upgrade. Do the upgrade, look at the diffs (if there were any server.xml changes) and then copy back your saved versions & restart Jira.

You are also using our SAML Single Sign On Plugin (thanks!), so let me give you some more plugin specific tips.

 

1) If you run into startup Issues you can in the newest Jira versions, disable all or specific plugins via command line parameter.

To diable our plugin this would look like

Jira

Linux:

<installation-directory>/bin/start-jira.sh --disable-addons=com.resolution.atlasplugins.samlsso.Jira:com.resolution.samlwrapper-plugin

Windows:

<installation-directory>/bin/start-jira.bat /disableaddons=com.resolution.atlasplugins.samlsso.Jira:com.resolution.samlwrapper-plugin

More info's on our KB article, as well as more generalistic on the one from Atlassian here

2) Bypassing SSO to login with local account

If you need to bypass the SSO Login Process to login with a local Username you can do this by appending ?nosso to the product's normal Login URL. In your case, Jira, this would look like:

https://<jira-baseurl>/login.jsp?nosso

More info's in our KB article.

3) Contact our support ...

I monitor this Forum out of interest & hence answer Questions where I can. But there is no real SLA to that.

If you run into trouble with our plugin specifically, the quickest Way to get help is to contact our dedicated support via: https://resolution.de/go/support

Hope your upgrade tonight goes better!

All the best,

Christian

thanks chris. All good info to add.

 

i prefer forums over dedicated support channels as then everyone can benefit from the answer. I also deal with a lot of companies who simply have no tech support or only pay support (cisco, microsoft) so i always will go to forums first. But i will keep in mind, thanks.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

75 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you