Error message: The request was aborted: Could not create SSL/TLS secure channel

Problem

When trying to create a Relying Party Trust at your AD FS server, you receive a "The request was aborted: Could not create SSL/TLS secure channel" error message.

Solution

We have experienced this problem happening when the AD FS server and the Java connector of your Atlassian Data Center or Server product have incompatible TLS versions.

To fix this issue, check the TLS versions supported at your AD FS server and adjust accordingly at the Tomcat config file (tomcat-config/server.xml) of your Atlassian product.

Using Tomcat 8.5 config as an example (https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig), you can enable all TLS protocols using the parameters below:

sslProtocol="TLS"
sslEnabledProtocols="all"

CODE

An example of the Java connector would be:

<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="all"/>

CODE

Problem

Solution

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products. Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products.

Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.