I am preparing for the migration of our JIRA instance from JIRA Server to JIRA Data Center. As part of the process, I will also switch from LDAP Authentication to OIDC SSO (built-in JIRA Authentication method). I have been testing the migration process quite heavily but there are still some problems I can’t find a solution for:
- There are more than 20k users currently in our primary JIRA user directory (LDAP type). Once I create a new Authentication method (of type OIDC) I use the built-in tool to migrate users from LDAP directory to the internal JIRA directory. Unfortunately the process fails for more than 1000 users with the following error:
/plugins/servlet/embedded-crowd/directories/migrate/ [c.a.event.internal.AsynchronousAbleEventDispatcher] There was an exception thrown trying to dispatch event [com.atlassian.crowd.event.user.UserAttributeStoredEvent@660eae48] from the invoker [com.atlassian.event.internal.ComparableListenerInvoker@44090ab4]
java.lang.RuntimeException: Listener: com.atlassian.jira.plugins.dvcs.listener.UserAttributeStoredEventListener event: com.atlassian.crowd.event.user.UserAttributeStoredEvent
at com.atlassian.event.internal.SingleParameterMethodListenerInvoker.invoke(SingleParameterMethodListenerInvoker.java:49)
at com.atlassian.diagnostics.internal.platform.monitor.event.EventSystemMonitor.invokeMonitored(EventSystemMonitor.java:105)
at com.atlassian.diagnostics.internal.platform.monitor.event.MonitoredListenerInvoker.invoke(MonitoredListenerInvoker.java:38)
at com.atlassian.event.internal.ComparableListenerInvoker.invoke(ComparableListenerInvoker.java:48)
at com.atlassian.event.internal.AsynchronousAbleEventDispatcher.lambda$null$0(AsynchronousAbleEventDispatcher.java:37)
at com.atlassian.event.internal.AsynchronousAbleEventDispatcher.dispatch(AsynchronousAbleEventDispatcher.java:85)
at com.atlassian.diagnostics.internal.platform.monitor.event.MonitoredEventDispatcher.dispatch(MonitoredEventDispatcher.java:36)
at com.atlassian.event.internal.EventPublisherImpl.publish(EventPublisherImpl.java:114)
at com.atlassian.event.internal.LockFreeEventPublisher.publish(LockFreeEventPublisher.java:40)
at com.atlassian.crowd.core.event.DelegatingMultiEventPublisher.publish(DelegatingMultiEventPublisher.java:24)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.storeUserAttributes(DirectoryManagerGeneric.java:437)
at jdk.internal.reflect.GeneratedMethodAccessor1437.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26)
at com.sun.proxy.$Proxy91.storeUserAttributes(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor1437.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:137)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:124)
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 25 filtered
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.NullPointerException
at com.atlassian.jira.plugins.dvcs.listener.FirstLoginHandler.onFirstLogin(FirstLoginHandler.java:50)
at com.atlassian.jira.plugins.dvcs.listener.UserAttributeStoredEventListener.onUserAttributeStore(UserAttributeStoredEventListener.java:57)
at jdk.internal.reflect.GeneratedMethodAccessor970.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
... 362 more
- Some of our users have been using Basic authentication with username:password (not API token) (with an LDAP user directory) quite heavily but from what I see this will stop working once we switch to OIDC and migrate users from the LDAP directory to the JIRA Internal directory. Is that intended? I expected some kind of Password Grant flow to be used when OIDC is used as the primary authentication method.