Native SSO for Atlassian Server and Data Center fails to enable due to Okta integration
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The SSO for Atlassian Server and Data Center plugin fails to enable in Confluence Data Center due to an unsatisfied dependency error when using the Okta Authenticator integration.
Diagnosis
The following error can be found in the atlassian-confluence.log during Confluence startup or an attempt to enable the plugin:
2022-04-27 11:21:55,189 ERROR [ThreadPoolAsyncTaskExecutor::Thread 34] [plugin.osgi.factory.OsgiPlugin] onPluginContainerFailed Unable to start the plugin container for plugin 'com.atlassian.plugins.authentication.atlassian-authentication-plugin'
-- referer: http://localhost:27122/c7122/plugins/servlet/upm | url: /c7122/rest/plugins/1.0/com.atlassian.plugins.authentication.atlassian-authentication-plugin-key | traceId: 3fecf565e5d90267 | userName: banana@banana.banana
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ssoConfigServiceImpl': Unsatisfied dependency expressed through constructor parameter 3; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'auditingIdpConfigService': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.atlassian.plugins.authentication.impl.config.AuditingIdpConfigService]: No default constructor found; nested exception is java.lang.NoSuchMethodException: com.atlassian.plugins.authentication.impl.config.AuditingIdpConfigService.<init>()
The SSO for Atlassian Server and Data Center plugin failed to be enabled:
2022-04-26 11:55:36,547 ERROR [lifecycle:thread-25] [sal.confluence.lifecycle.TenantAwareLifecycleManager] triggerLifecycleAsTenant Unable to start component: com.atlassian.plugins.authentication.impl.web.oidc.OidcDiscoveryRefreshJob
-- url: /c7122/rest/plugins/1.0/ | referer: https://localhost:8443/c7122/plugins/servlet/upm | traceId: 76655d56d054cc59 | userName: banana@banana.banana
java.lang.RuntimeException: java.lang.IllegalStateException: plugin [{com.atlassian.plugins.authentication.atlassian-authentication-plugin}] invoking ActiveObjects before <ao> configuration module is enabled or plugin is missing an <ao> configuration module. Note that scanning of entities from the ao.model package is no longer supported.
at com.atlassian.plugins.authentication.impl.web.oidc.OidcDiscoveryRefreshJob.onStart(OidcDiscoveryRefreshJob.java:87)
at com.atlassian.sal.confluence.lifecycle.TenantAwareLifecycleManager$PerTenantLifecycleExecution.lambda$triggerLifecycleAsTenant$1(TenantAwareLifecycleManager.java:186)
...
Caused by: java.lang.IllegalStateException: plugin [{com.atlassian.plugins.authentication.atlassian-authentication-plugin}] invoking ActiveObjects before <ao> configuration module is enabled or plugin is missing an <ao> configuration module. Note that scanning of entities from the ao.model package is no longer supported.
at com.atlassian.activeobjects.osgi.TenantAwareActiveObjects.delegate(TenantAwareActiveObjects.java:166)
at com.atlassian.activeobjects.osgi.TenantAwareActiveObjects.executeInTransaction(TenantAwareActiveObjects.java:342)
at jdk.internal.reflect.GeneratedMe
While the SSO for Atlassian Server and Data Center can be enabled, we're still seeing error message being thrown
Cause
The Okta Authenticator integration injects a okta-confluence-x.x.x.jar into Confluence that interferes with the native SSO Authentication plugin.
This is similar to Confluence Cloud Migration Assistant fails to enable due to Okta integration where the same JAR from Okta causes an issue with Confluence bundled plugin
Solution
Revert the implementation of Okta Authenticator integration and restart Confluence.