Update for our Zephyr for Jira Server/DataCenter customers : Our team is working on a major version release of Zephyr for Jira to be compatible with Jira 8 .The tentative ETA for the release of this compatible version is by end of March 2019.Please watch this space and anticipate further notifications from the Zephyr team on the updates with regards to the release of the same.Till then we suggest you to use lower version of Jira for seamless operations of Zephyr plugin.For any further feedback , follow up queries or suggestions kindly 'Submit a Ticket' with us.
Support | Zephyr

Zephyr SSO Authentication issue troubleshooting steps

Created on


> We support SAML compliant SSO.

> Make sure below details customer has to keep ready to configure Zephyr with SSO authentication. 

     * Identity provider URL ( This should point to their SSO login URL. When we click on Login via SSO button in the Zephyr login desktop, this click navigates to IDP URL. So please make sure that IDP URL they are entering should be able to access from the browser & that should navigate to their SSO login page)

     * Identity provider issuer ID ( This value is Entity ID in their SAML metadata)

     * SSO Certificate 

>  Users have to use the below as SSO & Audience URLs while performing SAML configuration at their end. 

  • Single Sign-On URL:  <Zephyr_hostname>/flex/saml/sso
  • Audience URL:  <Zephyr_hostname>/flex/saml/sso* This Audience URL allows our Zephyr instance to verify that is it the intended recipient of a SAML response.


> How to handle below errors?



2018-07-06 07:06:22,967 ERROR [http-nio-443-exec-4] SAMLResponseUtil.processSAMLResponse(144) | The assertion issuer didn't match the expected value

2018-07-06 07:07:31,531 ERROR [http-nio-443-exec-1] SAMLResponseUtil.processSAMLResponse(130) | org.opensaml.common.SAMLException: Issuer invalidated by issuer value http://COMPANY.COM/adfs/services/trust : http://company.com/adfs/services/trust
Handling:  Identity provider issuer id is case sensitive. So if you see above error in Zephyr log Check the issuer ID in their metadata & enter exactly the same value under  Identity provider issuer id box under Zephyr SSO configuration page.
ERROR [http-nio-443-exec-5] SAMLResponseUtil.processSAMLResponse(150) | The NameID value is missing from the SAML response; this is likely an IDP configuration issue
 For fixing the above error have changed below things :
    * Changed the attribute of NameID to the email address
   * Added the NameID to the SAML Subject
ERROR [http-nio-443-exec-9] SAMLResponseUtil.getCredential(210) | java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Illegal header: -----BEGIN CERTIFICATE----- 
  * Seems there are some additional space/characters added in the saved certificate, that results to above error.  Open the certificate file & re-save the file by removing unknown characters/space.
> In Zephyr Cluster environment if they are configuring SSO authentication, make sure to have SSO certificate in both servers under the path Zephyr installation directory\zephyrdata\persist folder. If this certificate is in one server & not in another server you will get #35 error in the URL while logging via SSO.
Knowledge Base Information:
Product: Zephyr Enterprise Edition
Version: 6.x 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Powered by Zendesk