Please follow the steps below to troubleshoot problems with SSO (single sign-on) in Crowd:

  1. Confirm that you can log in to each application with the same username and password.
    • In Crowd, click 'Applications' to view the Application Browser.
    • Click 'View' next to the application.
    • Click the 'Authentication Test' tab and follow these instructions.

  2. Set each application to use centralised SSO authentication, as follows. Ensure that each Atlassian application's WEB-INF/classes/seraph-config.xml file is using the Crowd's com.atlassian.crowd authenticator class. For example in JIRA, instead of this:

    <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>


    you should have this:

    <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>

    Please, see our Adding an Application Tutorial page to check the SSO authenticator classes for other applications. 

     

  3. If you are using a reverse proxy in front of any of the applications, you'll need to make sure that the host header is preserved in the forward. For example, in an Apache reverse proxy, you need to enable the "ProxyPreserveHost" option, and in IIS you need to use "Application Request Routing" to achieve the same.
  4. Once each application is using centralised authentication, confirm you can log in to each application with the same username and password.
  5. Ensure that each application is using the same sub-domain. For example:
    • JIRA -> jira.example.com
    • Confluence -> confluence.example.com
    • Crowd -> crowd.example.com

(info) SSO will only work with applications on the same sub-domain. Why? Crowd uses a cookie to manage SSO and your browser only has access to cookies in the same sub domain, e.g. *.example.com.

This is the value that you set in the Domain property (e.g. .example.com) for Crowd to enable SSO. This is covered in the documentation on configuring the domain.

Still having trouble?

If the above steps have not solved your problem, please gather some debugging information as described below before contacting Atlassian support:

  1. In Crowd, go to 'Administration' -> 'Logging & Profiling'. Change the com.atlassian.crowd package to DEBUG.
  2. Replicate the SSO problem you are having.
  3. Please raise a support issue on our Support System, attaching your {CROWD HOME}/logs/atlassian-crowd.log file with the debug information gathered.
RELATED TOPICS

Overview of SSO

  • No labels