SAML Azure JIRA Cloud Configuration Errors

We have followed the instructions mentioned in https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial, but are currently getting the following response.

Oops, there was an error logging you in.

Please contact your administrator to check single sign-on configuration.

Error reference: . Error reported: Invalid issuer in the Assertion/Response

Any help would be greatly appreciated as Atlassian support claims they don't see any errors and isn't much help. They keep saying the identifier is wrong, but we have it set to https://id.atlassian.com/login.

2 answers

This widget could not be displayed.
Brant Schroeder Community Champion Oct 26, 2017

This is caused by the incorrect Single Sign-on Issuer configured. Make sure you have copied the entityID attribute correctly, including the trailing slash.

We've copied it directly from the embedded Azure configuration, but are continuing to get the error.

and our JIRA SAML config:  ScreenShot165.jpg

This widget could not be displayed.
Brant Schroeder Community Champion Oct 26, 2017

Place a / on the back of the identity provider entity ID url.

I tested changing the entity ID with a slash and received the following errors.

 

without.jpgwith.jpg

Error with Entity ID: https://id.atlassian.com/login/ 

I'm unclear if we're putting the / on both the Azure and JIRA sides or just one side?

Brant Schroeder Community Champion Oct 26, 2017

In the JIRA config the Identity provider Entity ID text box should have the SAML Entity ID which you copied from Azure portal this should end in a /.  In the Identity provider SSO URL should have the SAML Single Sign-On Service URL which you copied from Azure portal and should not have an ending /.   Add the certificate and save the settings.   Make sure that Azure AD settings have the correct identifier URL and test again.

Hmm.  Thanks so much for trying to help!!  This is what we have - still getting the oops error:

JIRA Side:

Identity provider Entity IDhttps://sts.windows.net/afd68e8f-a6e1-499f-9638-dceea8479772/

Identity provider SSO URLhttps://login.microsoftonline.com/afd68e8f-a6e1-499f-9638-dceea8479772/saml2

Azure Side:

Identifierhttps://id.atlassian.com/login

Reply URL: https://id.atlassian.com/login/saml/acs

Jason Worley Atlassian Team Nov 08, 2017

According to the instructions that follow:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial

... the identifier URL should be as so:

https://<instancename>.atlassian.net/admin/saml/edit 

hoping this helps 

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

112 views 2 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you