Unable to login to Confluence with the error message "Cannot call sendRedirect() after the response has been committed"

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

Some users are unable to login into Confluence (standalone server) with the following error message seen in the UI:

Oops - an error has occurred
System Error
Cause
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at
org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)
Stack Trace:[hide]
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed

The following appears in the atlassian-confluence.log

SAMLResponse : PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9jb25mbHVlbmNlLnNpbGFicy5jb20vL2luZGV4LmFjdGlvbiIgSUQ9ImlkM
...
Uw6Mi4wOmFzc2VydGlvbiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+

RelayState : https://myconfluence.com/pages/viewpage.action?spaceKey=AAA&title=Setup

caused by: java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)

Diagnosis

You are using SAML/OKTA with Confluence standalone.

(info) If you are on Confluence Data Center, ensure your configuration matches what Confluence expects as noted in SAML SSO for Confluence Data Center or contact Atlassian Support.

Cause

According to the above traces, there's something wrong with SAML/OKTA code that is generating the error. The problem is related to the doForward() and to the sendRedirect() methods.

More details about both methods and we found the following external threads:

Workaround

Workaround 1

Check, and update the version of your OKTA connector plugin.

Workaround 2

Disable the OKTA/SAML SSO and use only the default Confluence authenticator

  • Disable any third-party plugins installed that enabled OKTA/SAML SSO connection with Confluence.
  • Confluence is configured to achieve SSO through the file seraph-config.xml located in the <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml. Ensure that has the the default Confluence authenticator enabled and OKTA/SAML SSO authenticator disabled:
<!-- The default Confluence authenticator is uncommented (enabled) -->
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>

Workaround 3

Install Crowd and use Crowd SSO instead. More information can be viewed here:

Resolution

OKTA and SAML SSO are currently not supported by Atlassian (Atlassian Support Offerings) . Contact OKTA support or the vendor of your OKTA connector plugin to notify about this issue.

Last modified on Nov 2, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.