Symptoms:
- EasySSO for Bamboo is installed and you are using the SAML authenticator
- SAML Login Redirect binding is being used
- EasySSO SAML is configured to create new users on login, or to update group membership on login
- When a login would create a new user or change group membership, the user is unable to log in and the following exception appears on the screen:
java.lang.IllegalStateException: XSRF: A mutative operation was attempted on InternalUser within a non-mutative HTTP request:
Cause:
Bamboo has very thorough XSRF checks that prevent any database changes at all on GET requests.
Since the redirect binding causes the browser to make a GET request which updates user details, Bamboo rejects the request.
How to resolve the issue:
Use the POST binding type for SAML login.
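
To confirm which logins are still arriving over the Redirect binding, the following added example (not from the original page or the EasySSO project) scans access-log lines for GET requests whose SAMLResponse query parameter decodes to a SAML Response. It assumes a common-log-format access log; the path /example/acs, the addresses and the message ID are constructed sample values.

```python
import base64
import re
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

RESPONSE_TAG = "{urn:oasis:names:tc:SAML:2.0:protocol}Response"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_XML = 1 << 20  # cap inflated size so a hostile parameter cannot exhaust memory


def decode_redirect_param(value):
    """Undo the HTTP-Redirect encoding (base64 over raw DEFLATE); return XML root or None."""
    try:
        data = base64.b64decode(value, validate=True)
        xml = zlib.decompressobj(-15).decompress(data, MAX_XML)
        return None if b"<!DOCTYPE" in xml else ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError):
        return None


def redirect_binding_logins(lines):
    """Return (path, response_id) for each GET request that carries a SAML Response."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        target = urlsplit(m.group("target"))
        for value in parse_qs(target.query).get("SAMLResponse", []):
            root = decode_redirect_param(value)
            if root is not None and root.tag == RESPONSE_TAG:
                hits.append((target.path, root.get("ID")))
    return hits


def constructed_param(xml):
    """Build a Redirect-binding parameter value for the constructed sample log below."""
    c = zlib.compressobj(wbits=-15)
    return quote(base64.b64encode(c.compress(xml) + c.flush()), safe="")


# Constructed sample data: hypothetical path, addresses, status codes and message ID.
SAMPLE_XML = b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example1"/>'
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /example/acs?SAMLResponse=%s HTTP/1.1" 500 512'
    % constructed_param(SAMPLE_XML),
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /example/acs HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /example/acs?SAMLResponse=bm90LWRlZmxhdGU%3D HTTP/1.1" 400 0',
]
```

Any hit reported after switching to the POST binding means some login path is still configured for Redirect.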