POST binding is currently disabled in the Marketplace release of our Fisheye/Crucible addon. If you cannot use REDIRECT binding with your Identity Provider follow these steps:

  1. Shut down your Fisheye/Crucible server.
  2. Go to the applications lib folder (e.g. /opt/atlassian/fecru/lib) and move xercesImpl-2.7.1.jar outside of this folder (e.g. to your home directory).
  3. Download xercesImpl-2.8.0.jar from Maven Central (xercesImpl-2.8.0.jar) and place it in the applications lib folder.
  4. Start your Fisheye/Crucible server.
  5. Download this special build and install it via the UPM:

Background info

Fisheye/Crucible comes with the bundled version 2.7.1 of Xerces that has a bug that takes effect during evaluating the signature of the SAML response. Therefore we have decided to disable this feature in the Marketplace build. This bug was fixed in Xerces 2.8.0. Until Fisheye/Crucible it shipped with an updated version of Xerces this workaround needs to be applied.

If you want to be notified on news about this Fisheye/Crucible bug, please vote for or watch this issue: