Unable to login to Confluence with the error message "Cannot call sendRedirect() after the response has been committed"
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
Some users are unable to login into Confluence (standalone server) with the following error message seen in the UI:
Oops - an error has occurred
System Error
Cause
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at
org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)
Stack Trace:[hide]
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
The following appears in the atlassian-confluence.log
SAMLResponse : PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9jb25mbHVlbmNlLnNpbGFicy5jb20vL2luZGV4LmFjdGlvbiIgSUQ9ImlkM
...
Uw6Mi4wOmFzc2VydGlvbiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+
RelayState : https://myconfluence.com/pages/viewpage.action?spaceKey=AAA&title=Setup
caused by: java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)
診断
You are using SAML/OKTA with Confluence standalone.
If you are on Confluence Data Center, ensure your configuration matches what Confluence expects as noted in SAML SSO for Confluence Data Center or contact Atlassian Support.
原因
According to the above traces, there's something wrong with SAML/OKTA code that is generating the error. The problem is related to the doForward() and to the sendRedirect() methods.
More details about both methods and we found the following external threads:
- java - how to fix Cannot call sendRedirect() after the response has been committed? - Stack Overflow
- servlets - java.lang.IllegalStateException: Cannot (forward - sendRedirect - create session) after response has been committed - Stack Overflow
回避策
回避策 1
Check, and update the version of your OKTA connector plugin.
回避策 2
Disable the OKTA/SAML SSO and use only the default Confluence authenticator
- Disable any third-party plugins installed that enabled OKTA/SAML SSO connection with Confluence.
- Confluence is configured to achieve SSO through the file seraph-config.xml located in the <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml. Ensure that has the the default Confluence authenticator enabled and OKTA/SAML SSO authenticator disabled:
<!-- The default Confluence authenticator is uncommented (enabled) -->
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
回避策 3
Install Crowd and use Crowd SSO instead. More information can be viewed here:
ソリューション
OKTA and SAML SSO are currently not supported by Atlassian (Atlassian Support Offerings) . Contact OKTA support or the vendor of your OKTA connector plugin to notify about this issue.