Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to disable SAML 2.0 in Jira Data Center 8.2 when we can't log in

Steve Mills
Steve Mills August 27, 2019

Yesterday. we were testing configuring SAML 2.0 in our Jira Data Center 8.2.  We were not successful and thought we were very careful to ensure we had selected "Use SAML as secondary authentication" selected until we were successful, but had run some tests where we had it set as primary (and leaving the session open.)

 

It appears to me that the configuration was last saved with "Use SAML as primary authentication" selected but it is failing.  We are essentially locked out.

 

Is ther some way of setting "SAML Authentication to secondary" or change the SAML 2.0 to "Use Login Form" instead of SAML Single Sign-on or somehow to force an interactive user logon?

In this:

https://confluence.atlassian.com/adminjiraserver/saml-sso-for-jira-data-center-applications-938847031.html

I saw this:

If you make a mistake configuring the SAML authentication, or are unable to log in using your IdP, you can restore login form authentication by using issuing a DELETE request (using a username and password for an administrator configured in your user directory):

curl -u admin_user:admin_password -X DELETE http://base-url/product/rest/authconfig/1.0/saml

But I don't understand the context of where this is run.  Is this right in my browser or from a command line on the linux machine?

Answer
Watch
Like Be the first to like this
4429 views

2 answers

1 accepted

0 votes
Answer accepted
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 27, 2019

You need to run this from a terminal command line / basically a machine which has curl installed. (What is curl - https://dev.to/ibmdeveloper/what-is-curl-and-why-is-it-all-over-api-docs-9mh)

It basically does a REST API call to remove the SAML Config. After that you should be able to login again.

Cheers,
Christian

View More Comments
Steve Mills
Steve Mills August 27, 2019

Thanks! A more tech savy member of our team knew what to do with this when he came in.

Like
Rama Penumarti
Rama Penumarti
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 10, 2020

I am, getting "Forbidden (403)" error when I try to disable SSO using the curl command

curl -u "localadmin_username:localadmin_password" -X DELETE -k https://jiraurl/product/rest/authconfig/1.0/saml

Like B G likes this
Reply
0 votes
Deleted user April 21, 2022

Best way is to use the fallback URL.  From there you can change your configuration as needed.  Much more simple.

https://confluence.atlassian.com/jirakb/bypass-saml-authentication-for-jira-data-center-869009810.html

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events