SSO directory sync disabling Atlassian Connect Add-on

Hi there,

We’ve noticed that several clients with SSO appear to have the directory/user syncs revoking access to our Atlassian Connect Add-On app. Has anyone had this issue or have a resolution/idea to resolve?
(It’s happening for Confluence Cloud and Jira Cloud)



That’s troubling. And it would be good to hear from more in the community, who might be suffering the same.

Could you provide a bit more detail? What are some of the symptoms you first observed? How did you discover the correlation to SSO? Hopefully, some of those answers would help others see if they might be having the same problems.

As for work-around, if related to the following issue, there might be admin configuration to fix:

Thanks for the quick reply @ibuchanan . I noticed it’s never happened with non-SSO instances of Confluence/Jira (over many years)… and still isn’t happening… but with SSO-enabled instances now, it does seem to be occurring.

When they uninstall/reinstall, it works for a few hours, then stops working and I just get 401 responses from the API… with the message “The request has not been applied because it lacks valid authentication credentials for the target resource.”
(Setting jwt via querystring or Authorization: ‘JWT token’ header produces the same result)

Hmm ok @ibuchanan , actually I notice when an instance installs the app again, they’re now getting a unique Secret (whereas it was the same secret for everyone for the past few years).

Was this change made recently? Do I have to get everyone to uninstall/re-install the add-on?

FYI: It works on the SSO teams once I have the new unique secret! (But also it’s still working for some teams with the old static secret :thinking: )


That’s really an odd interaction. I can’t explain it. But yes, there are new (again) secrets per:

Ah yup! That’s it! I’m storing them, but it wasn’t propagating across our entire solution.

Thanks for the insights @ibuchanan !

1 Like