I've installed JIRA and Confluence (both standalone) on a single server and integrated them to share the same user directory (that of JIRA, directly via the included Crowd plugin). It's been working well for the past few of days, but today I am the only person able to log into Confluence. Everyone can log into JIRA, but Confluence fails when trying to log other users in via the JIRA user directory. For some reason I can log in with my admin account even though it's associated with the remote directory as well.
I don't believe I changed anything since substantial recently, though I may have rebooted the server.
Watching the Confluence log, the following errors are thrown (for some hypothetical user "usern"):
2012-06-05 14:40:49,582 ERROR [http-8091-4] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'Remote JIRA Directory' is not functional during authentication of 'usern'. Skipped.
2012-06-05 14:40:49,586 WARN [http-8091-4] [atlassian.confluence.user.ConfluenceAuthenticator] authenticate OperationFailedException caught while authenticating user <usern>. com.atlassian.crowd.exception.runtime.OperationFailedException at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:869) at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:79) at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdAuthenticator.authenticate(EmbeddedCrowdAuthenticator.java:30) at bucket.user.DefaultUserAccessor.authenticate(DefaultUserAccessor.java:592) [...] Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html> <html> <head> <title>Forbidden (403)</title> [...] <section id="content" role="main"> <header><h1>Forbidden (403)</h1></header> <div class="content-container"> <div class="content-body"> <p>Encountered a <code>403 - Forbidden</code> error while loading this page.</p> <p><a href="/secure/MyJiraHome.jspa">JIRA home</a></p> </div> </div> </section> </div> </body> </html> at com.atlassian.crowd.integration.rest.service.RestExecutor.throwError(RestExecutor.java:458) at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:312) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.authenticateUser(RestCrowdClient.java:114) at com.atlassian.crowd.directory.RemoteCrowdDirectory.authenticate(RemoteCrowdDirectory.java:146) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndEnsureInternalUserExists(DbCachingRemoteDirectory.java:205) at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:111) at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:277) at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:122) at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:67) ... 107 more
Any idea of what might have caused this? I've seen various similar questions, but haven't been able to glean any answers from them. It seems like a relatively common problem.
One difference is that Confluence has the name "hpvatdev" (server name) in JIRA Application Links page, but the full name Confluence - [server hostname] - [server key] in the connection test settings.
So the problem was that Crowd (part of JIRA) was not configured correctly. Both the application links configurations for JIRA and Confluence were correct, and reference to Confluence as "hpvatdev" didn't matter.
When trying to test the User Directories connection from Confluence, the page was titled "Configure Atlassian Crowd Server" which is a hint. The full application name refers to the application name in JIRA's Crowd server (Users -> JIRA User Server). Here the name was correct, as was the password.
However it turned out that the IP address whitelist was missing 127.0.0.1, and since both JIRA and Confluence were installed on the same machine, this was the IP from which the requests were originating.
The Crowd authentication can be tested by navigating to http://[JIRA_URL]/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user. You will be prompted for a username and password. Enter the application name and password, and if your IP is not on the whitelist, you get that same 403 error HTML page.
"The full application name refers to the application name in JIRA's Crowd server (Users -> JIRA User Server)."
There you can assign a human-readable 'username' for each appliaction and set a password so that other applications can log into that application and use its user directory.
Judging from the stack trace, it seems that confluence was not able to connect to your JIRA instance to successfully authenticate your JIRA users.
You might want to double check if the configured URL and credential to access JIRA is correct. There is a possibility that it changes in JIRA but not in Confluence.
Hope it helps.
Would like help about 'URL does not specify a valid Crowd user management rest service' message. We are not using crowd, just the internal JIRA and the application use to work. Can't seem to configure the system to work correctly. We have logging turned on. Even after going to backups of Confluence and JIRA that use to work still have the same issue while in the User directories in Confluence.. Can't synchronize, can't pass the test.. any help would be appreciated. JIRA and Confluence on same machine, deleted browser cookies.
Hello Community 👋🏼 I’m Makisa, a product manager on Confluence Server and Data Center. Confluence Server & Data Center 7.0, our latest platform release, is now available and we wanted to shar...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events