This comprehensive guide to help you troubleshoot common plugin errors –
Prerequisites
To effectively troubleshoot and fix the issue you must meet the following
prerequisites:
- You should have admin access to your Jira/Confluence instance
- You should have admin access to your Identity provider
Following are some common errors that you might see while using the OAuth SSO
plugin:
MO_OAUTH_ERROR_00001
Error |
Either Signature of the JWT Token could not be verified or the Token has
expired |
Description/Causes |
There was an issue while validating the token, it can be due to
multiple reasons -
- Signature verification failed using the configured public
key/certificate
- The token has expired
|
Solution |
- Check if the public key/certificate is configured properly
- Check if the token being used is valid and not expired
|
MO_OAUTH_ERROR_00002
Error |
Invalid issue in the response |
Description/Causes |
Invalid issue in the response from IDP
|
Solution |
Please check the configured issuer in the plugin |
MO_OAUTH_ERROR_00003
Error |
New users are unable to login - Custom SSO failed because either the user account could not be found or you are not authorised to access Application |
Description/Causes |
SSO failed because either the user account could not be found or you are not authorized to access Jira.
|
Solution |
Check if the user trying to access exists in the Jira/Confluence and
has the required app permissions
- To allow the creation of users
- You can go to the Advanced setting tab of the IDP in the plugin and
enable the “Allow user creation” → In this case if a user trying
to perform SSO is not found, the plugin will create the user.
- To not allow the creation of users
|
MO_OAUTH_ERROR_00004
Error |
Multiple users found with same email |
Description/Causes |
Users are supposed to log in using email, but there are multiple users
with the same email present in Jira/Confluence |
Solution |
To use the “login user account by” – email in User profile
mapping, please ensure all users have unique email |
MO_OAUTH_ERROR_00005
Error |
Application user not found |
Description/Causes |
Application user not found |
Solution |
- An existing user was not found
- Error while creating a new user
|
MO_OAUTH_ERROR_00006
Error |
The client is not valid. Please check the credentials |
Description/Causes |
Invalid client credentials configured |
Solution |
Please check if the configured details are valid |
MO_OAUTH_ERROR_00007
Error |
Error with the AccessTokenEndpoint |
Description/Causes |
Probably the AccessTokenEndpoint configured is returning some error from
IDP |
Solution |
- Check for the error logs on the IDP end
- If pkce_missing_challenge – You can go to the Advanced setting tab of
the IDP in the plugin and enable the “Enable PKCE”
- If there are no error logs on the IDP end, check if the Access Token
is configured properly
- If you are using a supported IDP but
want to change the access token endpoint, you can use the custom
provider option to configure the same
- Ensure that IDP and Jira/Confluence can communicate without any
interference
|
MO_OAUTH_ERROR_00008
Error |
Error validating the Signature or Issuer in the Response |
Description/Causes |
Invalid token received |
Solution |
Please check that the token received is valid and from the configured
IDP |
MO_OAUTH_ERROR_00009
Error |
Error with the Scope Configuration |
Description/Causes |
Invalid scope configured |
Solution |
Please check if the Scope you have entered is correct |
MO_OAUTH_ERROR_00010
Error |
Error with the configured state parameter |
Description/Causes |
State parameter validation failed, invalid State Parameter |
Solution |
Verify that the state parameter is properly passed between IDP and the
plugin |
MO_OAUTH_ERROR_00011
Error |
Error with the configured nonce value |
Description/Causes |
Nonce validation failed |
Solution |
Verify nonce handling between IDP and the plugin |
MO_OAUTH_ERROR_00012
Error |
The user is not allowed to log into the application. |
Description/Causes |
The user trying to perform SSO does not have access to the
application |
Solution |
- Check if the user trying to access the
has the application access–that is added to groups having application
access
- Check if the domain is allowed in the “Sign-In settings”
tab
|
MO_OAUTH_ERROR_00013
Error |
Can't sign in please check the plugin configuration. |
Description/Causes |
It is thrown when there are issues in configurations |
Solution |
Please check if the configured endpoints are correct. |
MO_OAUTH_ERROR_00014
Error |
Error with the User Info response |
Description/Causes |
Invalid User info endpoint |
Solution |
Please check if the User Info Endpoint is correctly configured |
MO_OAUTH_ERROR_00015
Error |
No License Found |
Description/Causes |
No license found configured for the plugin |
Solution |
Please add a valid license in the “Manage Apps” section |
MO_OAUTH_ERROR_00016
Error |
No Configuration Found |
Description/Causes |
Error while fetching configurations from file for backup and
restore |
Solution |
Please check if the uploaded file contains relevant data |
MO_OAUTH_ERROR_00017
Error |
Can't find application |
Description/Causes |
Unable to find IDP specific details in the configuration |
Solution |
Please check your plugin configuration |
MO_OAUTH_ERROR_00018
Error |
The user is deactivated. Can't create a user session, redirecting to
the login page. |
Description/Causes |
The user trying to access the application is deactivated, and
auto-activation of users is disabled. |
Solution |
- To enable auto-activation go to “Global SSO Settings” and
enable “Auto Activate Users on SSO”
- If you want to activate a specific user, you can do it from the
“user” section of the administrator panel
|
MO_OAUTH_ERROR_00019
Error |
Invalid SSO Request, Could not create User Session |
Description/Causes |
Mismatch or missing parameter while trying to authenticate using JWT
|
Solution |
Check if the required parameters like jwtToken and
providerId are added properly – they are case-sensitive
|
MO_OAUTH_ERROR_00020
Error |
Error with User Profile Mapping made inside the Plugin |
Description/Causes |
Error with attributes configured in user profile
|
Solution |
Attributes are case-sensitive, check if the correct attributes are
configured in the user profile section in the plugin
|
MO_OAUTH_ERROR_00021
Error |
Public Key/Certificate Not Configured To Verify JWT Token |
Description/Causes |
Public Key/Certificate Not Configured To Verify JWT Token
|
Solution |
Check if public key/certificate is configured in the JWT App
|
MO_OAUTH_ERROR_00022
Error |
JWT Authentication is disabled |
Description/Causes |
- You do not have a JWT application configured
- You have disabled the Jira SSO using the JWT Application
|
Solution |
- Check if you have a JWT application configured in the “Configured
Providers” tab
- Check if the toggle for Jira or JSM SSO is enabled to allow
authentication using JWT
|
If you’re feeling stuck, please reach out to us at support-atlassian@miniorange.atlassian.net or raise a support ticket here for assistance. We’re here to help!