Confluence/JIRA: "Remote user directory is not functional during authentication"

I've installed JIRA and Confluence (both standalone) on a single server and integrated them to share the same user directory (that of JIRA, directly via the included Crowd plugin). It's been working well for the past few of days, but today I am the only person able to log into Confluence. Everyone can log into JIRA, but Confluence fails when trying to log other users in via the JIRA user directory. For some reason I can log in with my admin account even though it's associated with the remote directory as well.

I don't believe I changed anything since substantial recently, though I may have rebooted the server.

Watching the Confluence log, the following errors are thrown (for some hypothetical user "usern"):

2012-06-05 14:40:49,582 ERROR [http-8091-4] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'Remote JIRA Directory' is not functional during authentication of 'usern'. Skipped.

Followed by:

2012-06-05 14:40:49,586 WARN [http-8091-4] [atlassian.confluence.user.ConfluenceAuthenticator] authenticate OperationFailedException caught while authenticating user <usern>.

com.atlassian.crowd.exception.runtime.OperationFailedException

        at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:869)

        at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:79)

        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdAuthenticator.authenticate(EmbeddedCrowdAuthenticator.java:30)

        at bucket.user.DefaultUserAccessor.authenticate(DefaultUserAccessor.java:592)
[...]

 Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>

<html>

 

<head>

    <title>Forbidden (403)</title>

[...]

<section id="content" role="main">

        <header><h1>Forbidden (403)</h1></header>

        <div class="content-container">

            <div class="content-body">

                <p>Encountered a <code>403 - Forbidden</code> error while loading this page.</p>

                <p><a href="/secure/MyJiraHome.jspa">JIRA home</a></p>

            </div>

        </div>

    </section>

</div>

</body>

</html>

 

        at com.atlassian.crowd.integration.rest.service.RestExecutor.throwError(RestExecutor.java:458)

        at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:312)

        at com.atlassian.crowd.integration.rest.service.RestCrowdClient.authenticateUser(RestCrowdClient.java:114)

        at com.atlassian.crowd.directory.RemoteCrowdDirectory.authenticate(RemoteCrowdDirectory.java:146)

        at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndEnsureInternalUserExists(DbCachingRemoteDirectory.java:205)

        at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:111)

        at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:277)

        at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:122)

        at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:67)

        ... 107 more

Any idea of what might have caused this? I've seen various similar questions, but haven't been able to glean any answers from them. It seems like a relatively common problem.

Additional info:

  • Both apps are configured for Trusted Applications incoming and outgoing authentication
  • Both apps are configured for Basic Access for outgoing authentication
  • Both apps have a tick icon next to the outgoing auth, but not incoming
  • Both apps have to correct Application URLs to the other app
  • I can't configure Basic Access for Incoming Auth for either application; I get stuck in a loop of admin login screens, and eventually it says it's configured, but when I click "close" there's an error message about requiring SudoWeb or something and I get kicked out to another admin login screen.

One difference is that Confluence has the name "hpvatdev" (server name) in JIRA Application Links page, but the full name Confluence - [server hostname] - [server key] in the connection test settings.

3 answers

1 accepted

This widget could not be displayed.

So the problem was that Crowd (part of JIRA) was not configured correctly. Both the application links configurations for JIRA and Confluence were correct, and reference to Confluence as "hpvatdev" didn't matter.

When trying to test the User Directories connection from Confluence, the page was titled "Configure Atlassian Crowd Server" which is a hint. The full application name refers to the application name in JIRA's Crowd server (Users -> JIRA User Server). Here the name was correct, as was the password.

However it turned out that the IP address whitelist was missing 127.0.0.1, and since both JIRA and Confluence were installed on the same machine, this was the IP from which the requests were originating.

The Crowd authentication can be tested by navigating to http://[JIRA_URL]/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user. You will be prompted for a username and password. Enter the application name and password, and if your IP is not on the whitelist, you get that same 403 error HTML page.

I get the same problem.

but "Enter the application name and password" ,what is it mean?

how can i get the name and password?

thanks for your help!

"The full application name refers to the application name in JIRA's Crowd server (Users -> JIRA User Server)."

There you can assign a human-readable 'username' for each appliaction and set a password so that other applications can log into that application and use its user directory.

Thanks Oliver, that was a good hint. For me I had to take a look into the log file where I could see the IP address where the request is coming from (which was local but since it was proxied, it was the external IP) and add it to the list.

When I try to go to the crowd authentication URL above with my organization.atlassian.net domain, I get a 404 page rather than an authentication prompt. Synchronization was working as of a month ago, but now, I can't have remote users login or synchronize users.

This widget could not be displayed.

Judging from the stack trace, it seems that confluence was not able to connect to your JIRA instance to successfully authenticate your JIRA users.

You might want to double check if the configured URL and credential to access JIRA is correct. There is a possibility that it changes in JIRA but not in Confluence.

Hope it helps.

Cheers,

Septa Cahyadiputra

All the URLs and passwords were correct. Turns out the IP in the Crowd configuration was wrong. Thanks for making me keep digging though!

This widget could not be displayed.

Would like help about 'URL does not specify a valid Crowd user management rest service' message. We are not using crowd, just the internal JIRA and the application use to work. Can't seem to configure the system to work correctly. We have logging turned on. Even after going to backups of Confluence and JIRA that use to work still have the same issue while in the User directories in Confluence.. Can't synchronize, can't pass the test.. any help would be appreciated. JIRA and Confluence on same machine, deleted browser cookies.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

466 views 6 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you