Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Empty response while using a load balancer with SAML SSO enabled
Problem:
Receiving an empty response page with the SAML SSO app for Jira, Confluence, Bitbucket, or Bamboo enabled while using (F5 or similar) load balancer or problems with SSO in general,
when running a load balancer in front of your Atlassian Server or Data Center application.
Solution:
Change the configuration of the load balancer health check, to monitor the /status URL of every node instead of the baseURL.
The /status returns the following on a healthy node:
URL | Expected Content | Expected HTTP Status |
---|---|---|
HTTP://<node_IP_address>:<port>/status | {"state":"RUNNING"} | 200 OK |
A little more background:
The load balancer is usually configured to frequently monitor the status of each node, and ensure that it is sending traffic to nodes operating normally.
You can find out the node's status by checking http://<node_IP_address>:<port>/status
.
The node will respond with an HTTP response and a JSON payload describing the state of it.
The balancer can use either response or the JSON to determine where to send live traffic.
If that health check fails, the load balancer will declare a node bad and no longer route traffic to it.
With the SAML app for Server / Data Center disabled and monitoring the baseURL of the node, the default login page is served instead,
which will be recognized as an HTML page resulting in success instead.
With the SAML app for Server / Data Center app enabled, if you monitor the baseURL of the node, the app will issue a 302 redirect to a URL belonging to it and eventually to the IdP.
This initial 302 response is by default not interpreted as success by a load-balancer.
Failed health checks will start taking nodes out of service until no more nodes are available, resulting in an empty response.
More information about load balancer configuration options can be found on the below Atlassian documentation page:
https://confluence.atlassian.com/enterprise/load-balancer-configuration-options-935383760.html