SSO Cookie Inconsistent Between Atlassian Applications

Brian Tullio November 14, 2018

When Crowd generates an SSO cookie, the token is not quoted (crowd.token_key = xxxx)

When you access Jira, Confluence, or Bitbucket, the SSO cookie token is quoted (crowd.token_key = "xxxx")

Jira/Confluence/Bitbucket/Crowd don't seem to mind that the cookie value is different, but other applications (such as Apache), see it as not matching.

If I login to Jira and have it create the SSO cookie, Apache won't see it and ask me to login anyways.

If I login to Crowd and have it create the SSO cookie, Apache sees the cookie and accepts it.

If you monitor the cookie, and switch back and forth between Crowd and Jira, you can see the cookie value changing. Refresh a Crowd page, value is unquoted. Refresh a Jira page, value is quoted.

0 answers

Suggest an answer

Log in or Sign up to answer