Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading

sathishyellanty
sathishyellanty November 7, 2017

we have upgraded the confluence version to 7.5 and during this process we had to force migrate on to a new server due to some hard ware issues.

After the migration we are not able to authenticate confluence with jira. We are getting an error 

" com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception Go to JIRA home". 

 

On Googling , i saw a document saying to create an application in the jira server under user management > jira user servers. how ever in the jira i'm not able to find the option "JIRA User Server" . Am i missing some thing here. This was working fine before upgrade.

Answer
Watch
Like Be the first to like this
8070 views

1 answer

1 vote
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 8, 2017

It sounds like you're using Jira Server to host a user server for Confluence.  Since you had to change servers for this upgrade of Confluence, what likely happened is that this new server has a different IP address than the old one.

As a result, the new server cannot communicate with Jira in order to make sure these users can authenticate in Confluence.   If that is the case, then the easiest solution is to change the IP of the new confluence server to be the address of the old server and restart.  That should fix this.

If for some reason you can't do this, then you will likely need to follow the steps in Restore Passwords To Recover Admin User Rights in order to login with a local confluence admin account first.   You would need to do this to be able to reconfigure Confluence to connect to your Jira instance.

Once that is done, you might then also need to update Jira to tell it the new IP address of this new Confluence instance.  Steps to do that are in Allowing connections to JIRA for user management.

View More Comments
Ninos Malki
Ninos Malki November 9, 2017

Hello Andrew,

Thank you for the reply. I have solved the issue with the help for the following link, seems like it is a bug in Jira.

https://community.atlassian.com/t5/Jira-questions/How-do-I-enable-JIRA-User-Server/qaq-p/423016

 

http://localhost:8080/secure/admin/ConfigureCrowdServer.jspa using this link directly I was able to add the application and configured the confluence.

//Sathish

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 9, 2017

Glad to hear that you found a solution.  However I don't think that the bug you referenced is the actual cause in this situation.  That bug was in reference to functional differences after migrating from Jira Cloud to Jira Server.  Also, that bug was fixed over 3 years ago.

In this case, since the IP address would have likely changed for the confluence instance, that seems like the most likely cause here.

You should still be able to navigate within Jira by going to Cog Icon -> User Management -> Jira user server to access this. Alternatively, you can also press the 'G' key twice in order to bring up a shortcut menu where you can then search for the "Jira user server" as another way to reach this.

If you are not seeing this menu item, and you are logged into Jira as a system administrator, then I would be interested to learn more about your Jira instance to understand why that menu item might not be appearing there.   If that is the case, please let me know what version of Jira this is as well.

Regards,
Andy

Like
Ikhoon_Chon
Ikhoon Chon March 19, 2018

Hello Andrew,

I'm also struggling with the same problem. The worse thing is, the way you mentioned - Restore Passwords To Recover Admin User Rights - is also not working.

I have modified setenv.sh as below and restart confluence (I even restarted Jira in advance just for sure)

 

...
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.recovery.password=admin ${CATALINA_OPTS}"

export CATALINA_OPTS

 

But I still cannot login with recovery_admin - only the error message saying "Sorry, an error occurred trying to log you in. Please try again."

Could you give me any advice on this?

 

Regards,

Ikhoon

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 19, 2018

What version of Confluence do you have?  What version of Jira?  Are you using Crowd with Confluence as well? 

It's possible the instructions to follow for Confluence could be different between the versions.  So it's important to make sure you find the version of the document that matches your version of confluence.  You can find this in the top right corner of that document.

Also try to use a unique temporary password.

If it's still failing, try to look into the $CONFHome/logs/atlassian-confluence.log file to see what kind of error might be thrown in the logs when this login fails.

Like
Ikhoon_Chon
Ikhoon Chon March 19, 2018

Jira 7.4.1 and Confluence 6.3.1 are used, but no Crowd.

And below is the log when I try to login with 'recovery_admin' (or any other account actually)

I replaced our domain name in below log with '(Our Domain)' - Jira and Confluence are running under the same domain name but port is different (Confluence's port is 12013 but Jira's port is 80)

 

2018-03-19 16:24:56,599 ERROR [http-nio-12013-exec-3] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'Remote JIRA Directory' is not functional during authentication of 'recovery_admin'. Skipped.
 -- referer: http://(Our Domain):12013/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /dologin.action | traceId: fd167642c596170e
2018-03-19 16:24:56,601 WARN [http-nio-12013-exec-3] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:
 ->[com.atlassian.confluence.user.DefaultUserAccessor.authenticate]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT (Session #1901113736)
 -- referer: http://(Our Domain):12013/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /dologin.action | traceId: fd167642c596170e
2018-03-19 16:24:56,603 WARN [http-nio-12013-exec-3] [atlassian.confluence.user.ConfluenceAuthenticator] authenticate OperationFailedException caught while authenticating user <recovery_admin>.
 -- referer: http://(Our Domain):12013/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /dologin.action | traceId: fd167642c596170e
com.atlassian.crowd.exception.runtime.OperationFailedException
 at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:945)
 at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:87)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:498)
 at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
 at com.atlassian.spring.interceptors.SpringProfilingInterceptor.invoke(SpringProfilingInterceptor.java:16)
 at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
 at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
...
...
 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1533)
 at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1489)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 at java.lang.Thread.run(Thread.java:748)
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception Go to JIRA home
 at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.throwError(RestExecutor.java:614)
 at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:417)
 at com.atlassian.crowd.integration.rest.service.RestCrowdClient.authenticateUser(RestCrowdClient.java:162)
 at com.atlassian.crowd.directory.RemoteCrowdDirectory.authenticate(RemoteCrowdDirectory.java:194)
 at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndUpdateInternalUser(DbCachingRemoteDirectory.java:272)
 at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:183)
 at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:311)
 at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:198)
 at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:75)
 ... 188 more



Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 22, 2018

Hi @Ikhoon_Chon

Looking at your stacktrace, it looks like the recovery_admin account is also trying to use the Jira server to authenticate.  In this situation, those steps won't work because your confluence instance can't reach this Jira server.

Instead I would recommend trying to follow the steps in this KB Restore Passwords To Recover Admin User Rights.  Since Jira is setup to be your user server, the steps are the same here as if you had Crowd configured to be the user server for Confluence.   The steps in this other KB will have you reset the password for an admin account that exists in the internal directory and then change the user directory order to make sure that this internal directory is on top.  Following these steps instead will allow you to at least login to Confluence as an admin. From there you can then change the user directory settings as needed.

Like
Ikhoon_Chon
Ikhoon Chon April 1, 2018

Thanks, Andrew.

That's the correct guide, now I can finally log in Confluence with admin.

Still I can see Forbidden(403) error msg, but I will try to solve it referring to your first answer for this thread.

I will let you know when it works.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events