Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,462,136
Community Members
 
Community Events
176
Community Groups

Intermittent error message refreshing a page from idle timeout

Hello Friends, I had posted this as an Atlassian bug, forgive me for the multiple questions and very long detail, but anyone seen this type of problem that can advise please?

Relevant config details:
- clustered on-prem environment.
- Integrated with OneLogin as the IDP
- System Time is EST (3 hours ahead of Customer Time as error messages show, which is PST)
- Last week enabled idle session timeout via this case: https://support.atlassian.com/requests/CSP-308449
- Disabled rememberme and renamed the seraph expected cookie to force all open windows at that time to re-authenticate.

I cannot figure out the exact scenario to consistently reproduce this, but refreshing a page that has been open after the idle session timeout period intermittently produces this error message.
Date: 2022-07-11 14:47:55 (which is 17:47:55 in the log files)
- Valid OneLogin session existed (idle session timeout value for OneLogin is 8 hours)
- Valid Confluence session existing, governed by the JSESSION Cookie, default setting of 60 minutes
- Wait until idle session timeout period completes and refresh page
- Expected result: Confluence recognizes idle session and should call out to OneLogin, which should see a valid OneLogin session for the user and simply send back the SAML response for that user. NOTE that this does sometimes work as expected.
- Note the userName: anonymous setting in the logfiles.
- Hitting back button DOES correctly produce the expected result (redirects to OneLogin which sees a valid OneLogin session and sends back a SAML assertion, reloading the page seamlessly).

Something went wrong
We couldn't log you in. This may be for a variety of reasons. We suggest trying again.
Return to login
If the problem persists, contact your Confluence administrator.
3bb9bc11-7590-4c8e-abf5-07e1066fa38e
Date: 2022-07-11 14:47:55

See the attached logfile, I added an entry at the bottom to highlight this error:
**** Refreshed a page here from kerrykane@agilesys.com.

1) What could be causing this?
2) Please help me understand how clustering operates - is it active/passive? And when does it decide to cutover to the active node and how can I tell that from the logs? Asking because it does look as if node d7677f43 was active earlier today, and in this scenario I was running from node d7677f62. I believe expected results should still work however (redirect to OneLogin who sends back a valid SAML response and page refreshes seamlessly)??

BTW, did find this KB that describes exact same errors, but the SSO Plugin we’re running is a newer version than it suggests upgrading to: https://confluence.atlassian.com/confkb/received-invalid-saml-response-the-response-has-an-inresponseto-attribute-onelogin_-abc-de-fg-while-no-inresponseto-was-expected-after-session-times-out-while-re-authenticating-to-azure-sso-1050548417.html

Our version is 4.2.12, however in the Maintenance, App Compatibility is shows as ‘incompatible’, and there does not seem to be a newer version for this deployment
3) How should we be interpreting plugin compatibility when one says incompatible and yet there’s no newer version?

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events