| Date published | 2023-02-23 |
|---|---|
| Summary | A bug in Kantega SSO Enterprise version 6.7.0 breaks login when using OIDC and JIT provisioning |
| Affected apps | Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira |
| Affected version | |
| Affected product feature | Identity Providers > OIDC |
| Warning note |
|---|
| Ongoing incident: We have received reports that a bug has been found in the OpenID Connect login in version 6.7.0. This leads to a broken login when running just-in-time user provisioning. Downgrade is recommended until an update is published. |
...
Because of an error in the parsing of attributes in the ID token introduced with the new feature in 6.7.0, all non-username attributes such as email, groups and other data are left out of the data parsed during the login process. This breaks just-in-time user provisioning and group assignments, since that data is lost along the way.
This will in some cases lead to a broken login, and users will not be able to log into the respective Atlassian system. So far it seems like this bug only affects installations that are running just-in-time user provisioning in their OIDC setup.
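To illustrate the failure mode, here is an added example (not Kantega's code) of how a login flow should map every configured ID token claim, not only the username, and fail loudly when claims needed for JIT provisioning are absent rather than silently provisioning a user without email or groups. Claim names, the mapping and the sample token are assumptions constructed for this example; signature verification is assumed to have happened before this step.

```python
import base64
import json

# Assumed attribute mapping for JIT provisioning (Kantega's real mapping is configurable).
REQUIRED_JIT_CLAIMS = {"username": "preferred_username", "email": "email", "groups": "groups"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    # Split the compact JWS and decode only the payload. The signature is assumed to
    # have been verified by the SSO library already; this step only reads claims.
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def missing_provisioning_claims(claims: dict, mapping: dict = REQUIRED_JIT_CLAIMS) -> list:
    # Return the configured claim names that are absent from the token, in mapping order.
    return [claim for claim in mapping.values() if claims.get(claim) is None]


def provisioning_attributes(claims: dict, mapping: dict = REQUIRED_JIT_CLAIMS) -> dict:
    # Map every configured attribute; refuse to provision on a partial token instead of
    # dropping the non-username data the way the 6.7.0 bug described above does.
    missing = missing_provisioning_claims(claims, mapping)
    if missing:
        raise ValueError(f"ID token lacks claims required for JIT provisioning: {missing}")
    return {key: claims[claim] for key, claim in mapping.items()}


def _encode_segment(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def _make_unsigned_token(payload: dict) -> str:
    # Constructed sample token (header + payload + empty signature) for offline use only.
    return f"{_encode_segment({'alg': 'none'})}.{_encode_segment(payload)}."


# Constructed sample ID token carrying username, email and groups.
SAMPLE_TOKEN = _make_unsigned_token({
    "sub": "1234", "preferred_username": "jdoe", "email": "jdoe@example.com",
    "groups": ["jira-users", "developers"],
})
```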
Version 6.7.0 has been withdrawn from the marketplace. Please downgrade to the previous version (6.6.3) and await the patch to be released in version 6.7.1. If you have trouble downgrading or get errors in the Manage apps section, please see this process on how to downgrade to a stable version: Downgrading Kantega SSO Enterprise to the previous stable version
Downloads for previous stable version
...