SSO with Crowd not working

We have (for time being experimental) Crowd and Confluence with SSO working (with Crowd Shibboleth authenticator). Now we are trying to add JIRA to the system. Authentication from Crowd with local username works in Jira, but SSO (that Shinboleth authentication needs) does not work in Jira. In debug log there is error message:   INVALID SSO TOKEN Token doesn't match the existing token

We have changed the authenticator in seraph-config.xml. Any ideas where to look for the difference between Confluence and Jira?

4 answers

1 accepted

This widget could not be displayed.

Found it. The test Confluence and test Crowd were using HTTP proxy, but the test JIRA was using AJP proxy.

Therefore there was a difference in remote addresses and the SSO cookies were invalid.

This widget could not be displayed.

I do not have the answer to your Shibboleth question, but since you say it is experimental, here's a possible alternative solution to your SSO needs. http://www.appfusions.com/display/KBRSCJ/Home 

This widget could not be displayed.

I looked at the logs of the crowd server. It can be seen that first the Confluence tries to validate the session and succeeds. Then the Jira sends a similar request but gets a 400: 128.214.205.241 - - [01/Dec/2014:08:42:02 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 200 512 128.214.205.241 - - [01/Dec/2014:08:42:03 +0200] "GET /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00?expand=user HTTP/1.1" 200 1027 128.214.214.218 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 128.214.214.218 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 128.214.214.218 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 Any ideas?

This widget could not be displayed.

Here is a snip from Crowd logs: 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Current Validation Factors: ValidationFactor[remote_address=128.214.229.20] 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] comparing existing token Token{identifierHash='7dWKwNE6vaxz1TWMxrARvg00', lastAccessedTime=1417419581224, createdDate=2014-12-01 09:22:18.785, duration=null, name='aalto@helsinki.fi', directoryId=32770} with a validation token Token{identifierHash='b8XOnwiNUA1MFFmkQq1hAg00', lastAccessedTime=1417420094427, createdDate=Mon Dec 01 09:48:14 EET 2014, duration=null, name='aalto@helsinki.fi', directoryId=32770} 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl$TokenValidationFailure] Existing token 'pfBVqHdoyBAfLBtMTn1u8g00' for user 'aalto@helsinki.fi' does not match new token 'FqtI1Ix4yCjdcQZGFQYW0g00' with validation factors 'ValidationFactor[remote_address=128.214.229.20]' 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] The token keys don't match 2014-12-01 09:48:14,428 http-bio-8095-exec-20 DEBUG [crowd.console.filter.CrowdOpenSessionInViewFilter] Closing Hibernate Session in OpenSessionInViewFilter 2014-12-01 09:50:00,013 scheduler_Worker-0 DEBUG [atlassian.crowd.file.DaoRefresher] Refreshing refreshable DAOs

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

83 views 1 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you