SSO with Crowd not working

We have (for time being experimental) Crowd and Confluence with SSO working (with Crowd Shibboleth authenticator). Now we are trying to add JIRA to the system. Authentication from Crowd with local username works in Jira, but SSO (that Shinboleth authentication needs) does not work in Jira. In debug log there is error message:   INVALID SSO TOKEN Token doesn't match the existing token

We have changed the authenticator in seraph-config.xml. Any ideas where to look for the difference between Confluence and Jira?

4 answers

1 accepted

Accepted Answer
0 votes

Found it. The test Confluence and test Crowd were using HTTP proxy, but the test JIRA was using AJP proxy.

Therefore there was a difference in remote addresses and the SSO cookies were invalid.

I do not have the answer to your Shibboleth question, but since you say it is experimental, here's a possible alternative solution to your SSO needs. http://www.appfusions.com/display/KBRSCJ/Home 

I looked at the logs of the crowd server. It can be seen that first the Confluence tries to validate the session and succeeds. Then the Jira sends a similar request but gets a 400: 128.214.205.241 - - [01/Dec/2014:08:42:02 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 200 512 128.214.205.241 - - [01/Dec/2014:08:42:03 +0200] "GET /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00?expand=user HTTP/1.1" 200 1027 128.214.214.218 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 128.214.214.218 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 128.214.214.218 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 Any ideas?

Here is a snip from Crowd logs: 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Current Validation Factors: ValidationFactor[remote_address=128.214.229.20] 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] comparing existing token Token{identifierHash='7dWKwNE6vaxz1TWMxrARvg00', lastAccessedTime=1417419581224, createdDate=2014-12-01 09:22:18.785, duration=null, name='aalto@helsinki.fi', directoryId=32770} with a validation token Token{identifierHash='b8XOnwiNUA1MFFmkQq1hAg00', lastAccessedTime=1417420094427, createdDate=Mon Dec 01 09:48:14 EET 2014, duration=null, name='aalto@helsinki.fi', directoryId=32770} 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl$TokenValidationFailure] Existing token 'pfBVqHdoyBAfLBtMTn1u8g00' for user 'aalto@helsinki.fi' does not match new token 'FqtI1Ix4yCjdcQZGFQYW0g00' with validation factors 'ValidationFactor[remote_address=128.214.229.20]' 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] The token keys don't match 2014-12-01 09:48:14,428 http-bio-8095-exec-20 DEBUG [crowd.console.filter.CrowdOpenSessionInViewFilter] Closing Hibernate Session in OpenSessionInViewFilter 2014-12-01 09:50:00,013 scheduler_Worker-0 DEBUG [atlassian.crowd.file.DaoRefresher] Refreshing refreshable DAOs

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 25, 2018 in Jira

Atlassian Research Workshop opportunity on Sep. 28th in Austin, TX

We're looking for participants for a workshop at Atlassian! We need Jira admins who have interesting custom workflows, issue views, or boards. Think you have a story to sha...

457 views 7 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you