Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to login to Bitbucket via extranet

Kevin Kirchhof
Kevin Kirchhof May 28, 2018

Hi everyone,

I habe setup Crowd for centralized authentication service. Now I have the problem, that I am not able to login to my Bitbucket aplication from outside the proxy (extranet). If i logon from the local connector (without proxy settings set in bitbucket.properties), I am able to login, so the user credentials and the autnetication with Crowd is fine. But if I set the proxy settings in Bitbucket and try to login from extranet, the login request ends in a HTTP/404 response in URL <http_host>/j_atl_security_check.

Figuring out the logs, I was just able to find these two outputs that seems to be similar to these issue.

<server-ip>:51345,0:0:0:0:0:0:0:1 | https | o@15ASSAKx736x18x1 | - | 2018-05-28 12:16:45,589 | "POST /rest/analytics/1.0/publish/bulk HTTP/1.1" | "https://<bitbucket-application>.<my-domain>.<tld>/login" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko" | 500 | 0 | 31479 | - | 21851 | - | 
<server-ip>:51341,0:0:0:0:0:0:0:1 | https | o@15ASSAKx736x19x1 | - | 2018-05-28 12:16:46,823 | "POST /j_atl_security_check HTTP/1.1" | "https://<bitbucket-application>.<my-domain>.<tld>/login" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko" | 404 | 0 | 0 | - | 20140 | - |

Do someone may have a hint for me how to solve this issue? Is it may related to a domain name resolution against Crowd?

Unfortunately I have no further or more specific log entries found. :(

In addition, if I try to access Bitbucket on the server itself and login, the login works though the domain is redirected form the local address (localhost) to the proxy name address. But even if the login works, no content is displayed in Bitbucket: I can only view my logon and the "headline" of the Bitbucket website, like:

no-content.png

For proxy settings, I've used this guide: https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-microsoft-internet-information-services-iis-833931378.html
I've set Bitbuckets "server.xml" properties like explained in https://confluence.atlassian.com/bitbucketserver/migrate-server-xml-customizations-to-bitbucket-properties-897811761.html and https://confluence.atlassian.com/bitbucketserver/bitbucket-server-config-properties-776640155.html#BitbucketServerconfigproperties-Server; I am running Bitbucket version 5.10.1 and Crowd in version 3.2.0.

The server and its environment: One Windows Server 2012 R2 runs the Bitbucket application, as well the Crowd application as well the IIS (8.5) proxy, with ARR 3.5 installed.

Thanks in advance

Kevin

Answer
Watch
Like Be the first to like this
2206 views

2 answers

1 accepted

0 votes
Answer accepted
Kevin Kirchhof
Kevin Kirchhof July 3, 2018

SOLVED

Finally I have found out the problem:

The problem was, that in the configuation of ht ereverse proxy, there was a whitepace character in the rewrite destination. After removing the whitespace character of from the end of the destination to the rewrite target, I was able to login to bitbucket, using my Crwod user credentials. 

Thank you all for assisting.

Cheers

Reply
1 vote
Felipe Kraemer
Felipe Kraemer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 29, 2018

Hi @Kevin Kirchhof,

Regarding the Bitbucket x Crowd issue, can you please try adding '0.0.0.0/0' to the whitelist on the Remote Addresses on Crowd and try logging into Bitbucket Server once more? This should enable access from every address, and will help us determine if Bitbucket Server is able to connect and authenticate with your Crowd server.

Also, if you have a system admin user in Bitbucket Server internal user directory you can try logging into Bitbucket from extranet. If you don't have an local System Admin you can recover access tot your Bitbucket Server instance  from extranet by following the steps listed in Lockout recovery process. Both should allow you to log into Bitbucket Server from extranet and verify if the Crowd directory is still reachable and if users can be synced.

 

If you still face issues, we'll have to take a closer look at either instances configuration files and log files, and for that we'll create a support request on your behalf.

Please let us know if those suggestions mentioned above helped or not.

Cheers,

Felipe

View More Comments
Kevin Kirchhof
Kevin Kirchhof June 19, 2018

Hi @Felipe Kraemer,

first of all I would like to thank you very much for your reply.

I have set the IP address to the list of trusted prich servers, though I am not able to login. I have tried to figure out the issue by IIS failed request tracing, but was not able to figure out any issues (just found error codes like 0 and ‘request completed sucessfully’; I set the filter for this log to http error states 502.3 and logged the WWW-Server URL Rewrite).

 

If I try to login with the administrative user in Bitbuckets internal directory, I am running into the problem, that the username of this user equals the username of my account in Crowd. And I have set crowd in the list of user directives at top. If I try to logon via the server itself, eg http://localhost:1 for Bitbucket and http://localhost:2/crowd for Crowd, I am able to login with the user credential set in Crowd and if I review the sync status of users in Bitbucket, I can see synced users from Crowd. But if I try to logon from any other system, eg my personal computer, I am running into the issue, that https://bitbucket.my-domain.tld/j_atl_security_check respons with eigther http/404 or http/503.2. The following screenshot shows the website (from my mobile device), after logging in from extranet.

BDE39346-E034-41D5-9FDD-B7AD17C1FB23.png

 

Please let me know which of the configuration and log files I can provide for you. Opening a support request therefore is fine for me.

 

Thank you again very much in advance,

Kevin

 

Like
Kevin Kirchhof
Kevin Kirchhof June 21, 2018

Hi @Felipe Kraemer,

 

du you already have some updates related to my issue?

thanks in advance.

cheers,

kevin

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events