SSO with Crowd not working

We have (for time being experimental) Crowd and Confluence with SSO working (with Crowd Shibboleth authenticator). Now we are trying to add JIRA to the system. Authentication from Crowd with local username works in Jira, but SSO (that Shinboleth authentication needs) does not work in Jira. In debug log there is error message:   INVALID SSO TOKEN Token doesn't match the existing token

We have changed the authenticator in seraph-config.xml. Any ideas where to look for the difference between Confluence and Jira?

4 answers

1 accepted

Found it. The test Confluence and test Crowd were using HTTP proxy, but the test JIRA was using AJP proxy.

Therefore there was a difference in remote addresses and the SSO cookies were invalid.

I do not have the answer to your Shibboleth question, but since you say it is experimental, here's a possible alternative solution to your SSO needs. 

I looked at the logs of the crowd server. It can be seen that first the Confluence tries to validate the session and succeeds. Then the Jira sends a similar request but gets a 400: - - [01/Dec/2014:08:42:02 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 200 512 - - [01/Dec/2014:08:42:03 +0200] "GET /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00?expand=user HTTP/1.1" 200 1027 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 - - [01/Dec/2014:08:42:16 +0200] "POST /crowd/rest/usermanagement/1/session/BBJQUhcXUxFQW669iUsKug00 HTTP/1.1" 400 162 Any ideas?

Here is a snip from Crowd logs: 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Current Validation Factors: ValidationFactor[remote_address=] 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] comparing existing token Token{identifierHash='7dWKwNE6vaxz1TWMxrARvg00', lastAccessedTime=1417419581224, createdDate=2014-12-01 09:22:18.785, duration=null, name='', directoryId=32770} with a validation token Token{identifierHash='b8XOnwiNUA1MFFmkQq1hAg00', lastAccessedTime=1417420094427, createdDate=Mon Dec 01 09:48:14 EET 2014, duration=null, name='', directoryId=32770} 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl$TokenValidationFailure] Existing token 'pfBVqHdoyBAfLBtMTn1u8g00' for user '' does not match new token 'FqtI1Ix4yCjdcQZGFQYW0g00' with validation factors 'ValidationFactor[remote_address=]' 2014-12-01 09:48:14,427 http-bio-8095-exec-20 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] The token keys don't match 2014-12-01 09:48:14,428 http-bio-8095-exec-20 DEBUG [crowd.console.filter.CrowdOpenSessionInViewFilter] Closing Hibernate Session in OpenSessionInViewFilter 2014-12-01 09:50:00,013 scheduler_Worker-0 DEBUG [atlassian.crowd.file.DaoRefresher] Refreshing refreshable DAOs

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,213 views 13 19
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot