SAML Azure JIRA Cloud Configuration Errors

We have followed the instructions mentioned in https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial, but are currently getting the following response.

Oops, there was an error logging you in.

Please contact your administrator to check single sign-on configuration.

Error reference: . Error reported: Invalid issuer in the Assertion/Response

Any help would be greatly appreciated as Atlassian support claims they don't see any errors and isn't much help. They keep saying the identifier is wrong, but we have it set to https://id.atlassian.com/login.

2 answers

0 votes
Brant Schroeder Community Champion Oct 26, 2017

This is caused by the incorrect Single Sign-on Issuer configured. Make sure you have copied the entityID attribute correctly, including the trailing slash.

We've copied it directly from the embedded Azure configuration, but are continuing to get the error.

and our JIRA SAML config:  ScreenShot165.jpg

0 votes
Brant Schroeder Community Champion Oct 26, 2017

Place a / on the back of the identity provider entity ID url.

I tested changing the entity ID with a slash and received the following errors.

 

without.jpgwith.jpg

Error with Entity ID: https://id.atlassian.com/login/ 

I'm unclear if we're putting the / on both the Azure and JIRA sides or just one side?

Brant Schroeder Community Champion Oct 26, 2017

In the JIRA config the Identity provider Entity ID text box should have the SAML Entity ID which you copied from Azure portal this should end in a /.  In the Identity provider SSO URL should have the SAML Single Sign-On Service URL which you copied from Azure portal and should not have an ending /.   Add the certificate and save the settings.   Make sure that Azure AD settings have the correct identifier URL and test again.

Hmm.  Thanks so much for trying to help!!  This is what we have - still getting the oops error:

JIRA Side:

Identity provider Entity IDhttps://sts.windows.net/afd68e8f-a6e1-499f-9638-dceea8479772/

Identity provider SSO URLhttps://login.microsoftonline.com/afd68e8f-a6e1-499f-9638-dceea8479772/saml2

Azure Side:

Identifierhttps://id.atlassian.com/login

Reply URL: https://id.atlassian.com/login/saml/acs

Jason Worley Atlassian Team Nov 08, 2017

According to the instructions that follow:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial

... the identifier URL should be as so:

https://<instancename>.atlassian.net/admin/saml/edit 

hoping this helps 

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,958 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot