We are using Jira Software SSO through OIDC and Keycloak. However, we frequently get "We can't log you in right now" after a successful login, while the user has actually logged in and is able to access the system (a false positive), as shown below:
The server logs:
/plugins/servlet/oidc/callback; user: USERNAME ERROR USERNAME /plugins/servlet/oidc/callback [c.a.p.a.i.web.filter.ErrorHandlingFilter] [UUID: Unknown state in response
com.atlassian.plugins.authentication.impl.web.usercontext.AuthenticationFailedException: Unknown state in response
at com.atlassian.plugins.authentication.impl.web.oidc.OidcConsumerServlet.lambda$doGet$0(OidcConsumerServlet.java:111)
at java.util.Optional.orElseThrow(Optional.java:290)
at com.atlassian.plugins.authentication.impl.web.oidc.OidcConsumerServlet.doGet(OidcConsumerServlet.java:111)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:626)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:47)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
... 48 filtered
I need to investigate this issue. Where should I look?
Thanks
Hi guys,
I have been working quite a lot with OIDC, and have some thoughts and hypotheses.
To troubleshoot this, I would hit the F12 button and perform a network capture to see the requests in the browser. From the looks of it, the callback URL was hit again somehow, after the successful login was performed. In that case, the state variable is no longer cached as the server likely received a replay of a completed login. The explanation for such an error could be many, but maybe something in your network stack leads to this replay / hiccup?
Another possibility that might sometimes explain such issues is that it is caused by a faulty sticky-session configuration in a multi-node setup, or that the shared cache / file system between nodes is out of sync.
Were you able to resolve the issues, both of you? @Joe Red @Reab
Regards,
Elias
Kantega SSO
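To make the two hypotheses in the answer above concrete, here is an added example that is not part of the original thread and not Atlassian's, Keycloak's or Kantega's code. It simulates the relying-party side of the OIDC callback: the state value is stored server-side when the login starts and consumed (single use) when the callback arrives, so a replayed callback, or a callback that lands on a node whose cache never saw the state, fails with "Unknown state in response". The class and function names, the node model and the access-log format are hypothetical; the log lines are constructed for the example. The last function shows the check a practitioner would run over the callback requests captured in the browser or in the access log: any state value that arrives more than once is a replay.

```python
from __future__ import annotations

import secrets
from urllib.parse import parse_qs, urlsplit


class AuthenticationFailed(Exception):
    """Stand-in for the plugin's AuthenticationFailedException (hypothetical)."""


class RelyingPartyNode:
    """One hypothetical application node. The pending-state cache is
    per node unless the same dict is shared between nodes."""

    def __init__(self, name: str, pending: dict | None = None) -> None:
        self.name = name
        self.pending = pending if pending is not None else {}

    def start_login(self, user: str) -> dict:
        # Fresh per-login nonce, stored server-side so the callback can be
        # matched to a login this deployment actually started.
        state = secrets.token_urlsafe(32)
        self.pending[state] = {"user": user}
        return {"state": state, "redirect": f"https://idp.example/auth?state={state}"}

    def handle_callback(self, state: str, code: str) -> str:
        # Single use: pop, not get. A second callback carrying the same
        # state therefore fails exactly like the error in the question.
        entry = self.pending.pop(state, None)
        if entry is None:
            raise AuthenticationFailed("Unknown state in response")
        return f"session for {entry['user']} (code={code})"


def replay_scenario() -> tuple[str, str]:
    """Hypothesis 1: the callback URL is hit twice for one login."""
    node = RelyingPartyNode("node1")
    login = node.start_login("alice")
    first = node.handle_callback(login["state"], "code-123")
    try:
        node.handle_callback(login["state"], "code-123")  # replay
        second = "accepted"
    except AuthenticationFailed as exc:
        second = str(exc)
    return first, second


def unsticky_scenario(shared_cache: bool) -> str:
    """Hypothesis 2: login starts on node1, callback lands on node2."""
    if shared_cache:
        cache: dict = {}
        node1, node2 = RelyingPartyNode("node1", cache), RelyingPartyNode("node2", cache)
    else:
        node1, node2 = RelyingPartyNode("node1"), RelyingPartyNode("node2")
    login = node1.start_login("bob")
    try:
        return node2.handle_callback(login["state"], "code-456")
    except AuthenticationFailed as exc:
        return str(exc)


# Constructed access-log lines (hypothetical format: time user method path status).
LOG_LINES = [
    "2024-01-01T10:00:01Z alice GET /plugins/servlet/oidc/callback?code=abc&state=s1 200",
    "2024-01-01T10:00:02Z alice GET /plugins/servlet/oidc/callback?code=abc&state=s1 500",
    "2024-01-01T10:05:00Z bob GET /plugins/servlet/oidc/callback?code=def&state=s2 200",
]


def find_replayed_states(lines: list[str]) -> dict[str, int]:
    """Return every callback state seen more than once, with its hit count."""
    counts: dict[str, int] = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 5 or not parts[3].startswith("/plugins/servlet/oidc/callback"):
            continue
        query = parse_qs(urlsplit(parts[3]).query)
        for state in query.get("state", []):
            counts[state] = counts.get(state, 0) + 1
    return {state: n for state, n in counts.items() if n > 1}


if __name__ == "__main__":
    print(replay_scenario())
    print(unsticky_scenario(shared_cache=False))
    print(unsticky_scenario(shared_cache=True))
    print(find_replayed_states(LOG_LINES))
```

In the browser network capture, look for two requests to /plugins/servlet/oidc/callback with the same state parameter: the first should return the session cookie and a redirect, the second is the one that produces the error page. If the duplicate comes from a different client or IP, the cause is in the network path (a proxy or scanner re-issuing the request) rather than the browser.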
Hi @Gita Meskauskas ,
Can you share more about the errors you're experiencing? While I am not familiar with Atlassian's OIDC plugin, I am familiar with OpenID Connect and Atlassian software, and I'm happy to help you understand the issue.
See my other comment for suggestions and thoughts.
Best,
Elias
Kantega SSO