'Can't save your settings' Error when configuring 'Username mapping' for SAML SSO setup in Jira
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When configuring 'Username mapping' as ${NameID} as part of the SAML SSO setup, it fails with message, "Can't save your settings" as below:
The configuration saves fine with only $NameID and does not show any Errors. However, when adding curly braces '{}' around NameID, it fails with above Error.
Note- The correct format to configure the username mapping to use NameID claim from the SAML response is ${NameID}.
Environment
Jira Server/Data Center
Diagnosis
- Bypassing the proxy as outlined in Bypass a proxy or SSL to test network connectivity for Jira server will fix the problem.
- Turning off the web application firewall (WAF) will also fix the problem.
Cause
There is a configuration at Reverse proxy(App gateway with WAF)/load balancer or firewall that blocks some requests from Jira..
Solution
- Network team needs to be engaged in order to look at reverse proxy configuration, as well as in the web application firewall (WAF) settings.
- Though we provide documents for implementation of proxy, issues related to Proxy/Load Balancer/WAF is out of scope for Atlassian Support as per Atlassian Support Offerings.