Unable to login to Confluence with the error message "Cannot call sendRedirect() after the response has been committed"

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

Some users are unable to login into Confluence (standalone server) with the following error message seen in the UI:

Oops - an error has occurred
System Error
Cause
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at
org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)
Stack Trace:[hide]
java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed

The following appears in the atlassian-confluence.log

SAMLResponse : PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJlc3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9jb25mbHVlbmNlLnNpbGFicy5jb20vL2luZGV4LmFjdGlvbiIgSUQ9ImlkM
...
Uw6Mi4wOmFzc2VydGlvbiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+PC9zYW1sMnA6UmVzcG9uc2U+

RelayState : https://myconfluence.com/pages/viewpage.action?spaceKey=AAA&title=Setup

caused by: java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)

診断

You are using SAML/OKTA with Confluence standalone.

(info) If you are on Confluence Data Center, ensure your configuration matches what Confluence expects as noted in SAML SSO for Confluence Data Center or contact Atlassian Support.

原因

According to the above traces, there's something wrong with SAML/OKTA code that is generating the error. The problem is related to the doForward() and to the sendRedirect() methods.

More details about both methods and we found the following external threads:

回避策

回避策 1

Check, and update the version of your OKTA connector plugin.

回避策 2

Disable the OKTA/SAML SSO and use only the default Confluence authenticator

  • Disable any third-party plugins installed that enabled OKTA/SAML SSO connection with Confluence.
  • Confluence is configured to achieve SSO through the file seraph-config.xml located in the <confluence_install>/confluence/WEB-INF/classes/seraph-config.xml. Ensure that has the the default Confluence authenticator enabled and OKTA/SAML SSO authenticator disabled:
<!-- The default Confluence authenticator is uncommented (enabled) -->
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>

回避策 3

Install Crowd and use Crowd SSO instead. More information can be viewed here:

ソリューション

OKTA and SAML SSO are currently not supported by Atlassian (Atlassian Support Offerings) . Contact OKTA support or the vendor of your OKTA connector plugin to notify about this issue.

最終更新日 2018 年 11 月 2 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.