Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Cannot add Jira User Directory to BitBucket, connection test fails with "403 - Forbidden" error

Rossy Celio
Rossy Celio February 23, 2019

I followed the configuration steps explained at this URL https://confluence.atlassian.com/bitbucketserver/connecting-bitbucket-server-to-jira-for-user-management-776640400.html.

Even though application name and password are correctly configured, the connection test returns a 403 error. Tried to change the application name and password, but without success.

Jira access log showing the same error BitBucket UI reports:

0:0:0:0:0:0:0:1 1344x960x1 - [23/Feb/2019:22:24:03 +0900] "POST /jira/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user HTTP/1.1" 403 14024 30 "-" "Apache-HttpClient/4.5.5 (Java/1.8.0_172)" "-"

BitBucket and Jira are installed on different machines, Jira being installed behind Apache as a front-end. Application link between Jira and BitBucket status is correct, and Jira is accessible.

Is there a way to increase Jira log output to undertand why the authentication fails, or any other way to find out what is wrong?

Thanks.

Answer
Watch
Like Marty likes this
705 views

1 answer

1 accepted

0 votes
Answer accepted
Marty
Marty
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 24, 2019

Hi Rossy,

I am not on the Jira team but will try to help.

You could try setting the logging level to DEBUG by following the instructions here: https://confluence.atlassian.com/adminjiraserver/logging-and-profiling-938847671.html

I hope that helps!

View More Comments
Rossy Celio
Rossy Celio February 25, 2019

Hi Martyn,

Thanks for the idea and the link!
Have not yet fixed my problem, but thanks anyway!

I tried to increase the log level for a few different components, but no extra info was logged to atlassian-jira-security.log.

For info, this are the components I increased log level to DEBUG:

  • com.atlassian.cache.event.com.atlassian.jira.crowd.embedded.ofbiz.EagerOfBizGroupCache.groupCache
  • com.atlassian.cache.event.com.atlassian.jira.crowd.embedded.ofbiz.EagerOfBizUserCache.userCache
  • com.atlassian.crowd.directory

There are so many different components, so I picked those that I thought related to Jira acting as an authentication server.

The only log file that provides a hint to what is happening is access_log.<date>, I suppose that Jira's catalina is refusing the access.

0:0:0:0:0:0:0:1 624x9504x1 - [26/Feb/2019:10:24:56 +0900] "POST /jira/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user HTTP/1.1" 403 14024 25 "-" "Apache-HttpClient/4.5.5 (Java/1.8.0_172)" "-"

But BitBucket is able to access the REST API as seen from this log

0:0:0:0:0:0:0:1 629x9510x1 - [26/Feb/2019:10:29:03 +0900] "GET /jira/rest/capabilities/navigation?lang=en-GB HTTP/1.1" 200 358 5 "-" "Bitbucket-6.0.0 (6000000)" "-"
0:0:0:0:0:0:0:1 629x9511x1 - [26/Feb/2019:10:29:03 +0900] "GET /jira/rest/capabilities/navigation?lang=ja-JP HTTP/1.1" 200 358 3 "-" "Bitbucket-6.0.0 (6000000)" "-"

I tried to relax the constraint on what IP addresses can access Jira User Server and even included 127.0.0.1 as Jira might see the incoming address as been the address been used by Apache front-end, but here I am, still unable to make this work.

Thanks,
Celio

Like
Rossy Celio
Rossy Celio February 25, 2019

I nailed it!

access_log.<date> says that the connecting IP is 0:0:0:0:0:0:0:1, so I added ::1/128 to the list of IP addresses, and bingo!
Hope this might help people running into the same issue.

PS:
Will need to figure out how to restraint access to with Apache configuration, but this is another topic.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security