Date published

2023-02-23

Summary

A bug in Kantega SSO Enterprise version 6.7.0 breaks login when using OIDC with JIT provisioning

Affected apps

Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira
Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket
Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo

Affected version

Kantega SSO Enterprise version 6.7.0

Affected product feature

Identity Providers > OIDC

Warning

Ongoing incident: We have received reports that a bug has been found in the OpenID Connect login in version 6.7.0. This leads to a broken login when running just-in-time user provisioning. Downgrade is recommended until an update is published.

Details

Because of an error in how attributes in the ID token are parsed by the new feature in 6.7.0, all non-username attributes, such as email, groups and other data, are excluded from the data parsed during the login process. This breaks just-in-time user provisioning and group assignment, since that data is lost along the way.

This will in some cases lead to a broken login, and users will not be able to log into the respective Atlassian system. So far it seems like this bug only affects installations that are running just-in-time user provisioning in their OIDC setup.
We are investigating whether this issue also affects SAML login.
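The attribute loss described above can be checked for after a test login by comparing the claims the identity provider put in the ID token with what actually ended up on the provisioned user. The Python below is an added example, not code from this advisory or from the Kantega product; the claim-to-attribute mapping, the user-record shape and all sample data are constructed assumptions.

```python
from typing import Dict, List

# Constructed sample: the claims an IdP would place in the ID token for a
# JIT-provisioned user. Sample data only, not from any real deployment.
ID_TOKEN_CLAIMS = {
    "sub": "a1b2c3",
    "preferred_username": "jdoe",
    "email": "jdoe@example.com",
    "name": "Jane Doe",
    "groups": ["jira-users", "developers"],
}

# Hypothetical claim-to-attribute mapping, in the spirit of what a JIT
# provisioning configuration holds (assumed, not the product's own format).
CLAIM_MAP = {
    "username": "preferred_username",
    "email": "email",
    "display_name": "name",
    "groups": "groups",
}


def expected_attributes(claims: Dict, claim_map: Dict[str, str]) -> Dict:
    """Attributes that should have been applied to the user, derived from the token claims."""
    return {attr: claims[claim] for attr, claim in claim_map.items() if claim in claims}


def lost_attributes(claims: Dict, claim_map: Dict[str, str], user_record: Dict) -> List[str]:
    """Return the attributes the token carried that did not land on the provisioned user.

    user_record is the user as read back from the directory after login, in the
    constructed shape {"username", "email", "display_name", "groups"} (assumption).
    Groups are compared as a subset so extra locally assigned groups do not count as loss.
    """
    lost = []
    for attr, value in expected_attributes(claims, claim_map).items():
        actual = user_record.get(attr)
        if attr == "groups":
            if not set(value) <= set(actual or []):
                lost.append(attr)
        elif actual != value:
            lost.append(attr)
    return lost


# Constructed user records: one showing the symptom (only the username survived), one healthy.
USER_AFTER_BUGGY_LOGIN = {"username": "jdoe", "email": None, "display_name": None, "groups": []}
USER_AFTER_HEALTHY_LOGIN = {"username": "jdoe", "email": "jdoe@example.com",
                            "display_name": "Jane Doe", "groups": ["jira-users", "developers"]}

if __name__ == "__main__":
    print("lost after affected login:", lost_attributes(ID_TOKEN_CLAIMS, CLAIM_MAP, USER_AFTER_BUGGY_LOGIN))
    print("lost after healthy login:", lost_attributes(ID_TOKEN_CLAIMS, CLAIM_MAP, USER_AFTER_HEALTHY_LOGIN))
```

A non-empty result for a freshly provisioned test user is the signal that the attribute loss is occurring, regardless of which version is installed.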
Version 6.7.0 has been withdrawn from the marketplace. Please downgrade to the previous version (6.6.3) and await the patch, which will be released as version 6.7.1. If you have trouble downgrading or get errors in the Manage apps section, please follow this process for downgrading to a stable version: Reverting Kantega SSO Enterprise to a stable version

Downloads for previous stable version

...

Jira

...