NullPointerException Logging in via SSO in Confluence Data Center

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Logging in via SAML to Confluence produces a NullPointerException and the following stack trace in the UI and atlassian-confluence.log:

2020-11-06 15:37:52,504 ERROR [http-nio-8090-exec-3] [ContainerBase.[Standalone].[localhost].[/]] log Unhandled exception occurred whilst decorating page
 -- referer: https://sso.google.com/ | url: /plugins/servlet/samlconsumer | traceId: 7c45b7ec46e13fe8 | userName: anonymous
java.lang.NullPointerException
	at com.google.common.collect.Iterables.getOnlyElement(Iterables.java:254)
	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.getAttributeOrNameId(SamlConsumerServlet.java:150)
	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.lambda$getUsername$1(SamlConsumerServlet.java:146)
	at java.base/java.util.stream.Collectors.lambda$uniqKeysMapAccumulator$1(Unknown Source)
	at java.base/java.util.stream.ReduceOps$3ReducingSink.accept(Unknown Source)
	at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
	at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(Unknown Source)
	at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
	at java.base/java.util.stream.ReferencePipeline.collect(Unknown Source)
	at com.atlassian.plugins.authentication.impl.web.usercontext.impl.jit.mapping.MappingExpression.evaluateWithValues(MappingExpression.java:97)
	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.getUsername(SamlConsumerServlet.java:146)
	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:99)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:652)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
	at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
	at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:46)
	at com.atlassian.confluence.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:47)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
  ...


Environment

  • Confluence Data Center 
  • Data Center SAML 

Cause


The Username Mapping attribute defined under the SSO definition in the   > General Configuration > Authentication methods menu, cannot be found in the list of attributes returned from the Identity Provider's SAML assertion.
(info) (the menu name can be General Configuration > SAML 2.0 for older Atlassian SSO plugin versions)

Solution

Capture the IdP's response by logging in as a test user (How to view SAML responses in your browser for troubleshooting) and locate the Attribute Statement section.

Find the AttributeValue that matches the user's Confluence username and copy the corresponding Attribute Name over to Username Mapping attribute defined under the SSO definition in the   > General Configuration > Authentication methods menu. 



Last modified on Nov 14, 2023

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.