Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence/JIRA: "Remote user directory is not functional during authentication"

Oliver Lade
Oliver Lade June 4, 2012

I've installed JIRA and Confluence (both standalone) on a single server and integrated them to share the same user directory (that of JIRA, directly via the included Crowd plugin). It's been working well for the past few of days, but today I am the only person able to log into Confluence. Everyone can log into JIRA, but Confluence fails when trying to log other users in via the JIRA user directory. For some reason I can log in with my admin account even though it's associated with the remote directory as well.

I don't believe I changed anything since substantial recently, though I may have rebooted the server.

Watching the Confluence log, the following errors are thrown (for some hypothetical user "usern"):

2012-06-05 14:40:49,582 ERROR [http-8091-4] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'Remote JIRA Directory' is not functional during authentication of 'usern'. Skipped.

Followed by:

2012-06-05 14:40:49,586 WARN [http-8091-4] [atlassian.confluence.user.ConfluenceAuthenticator] authenticate OperationFailedException caught while authenticating user <usern>.

com.atlassian.crowd.exception.runtime.OperationFailedException

        at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:869)

        at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:79)

        at com.atlassian.crowd.embedded.atlassianuser.EmbeddedCrowdAuthenticator.authenticate(EmbeddedCrowdAuthenticator.java:30)

        at bucket.user.DefaultUserAccessor.authenticate(DefaultUserAccessor.java:592)
[...]

 Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>

<html>

 

<head>

    <title>Forbidden (403)</title>

[...]

<section id="content" role="main">

        <header><h1>Forbidden (403)</h1></header>

        <div class="content-container">

            <div class="content-body">

                <p>Encountered a <code>403 - Forbidden</code> error while loading this page.</p>

                <p><a href="/secure/MyJiraHome.jspa">JIRA home</a></p>

            </div>

        </div>

    </section>

</div>

</body>

</html>

 

        at com.atlassian.crowd.integration.rest.service.RestExecutor.throwError(RestExecutor.java:458)

        at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:312)

        at com.atlassian.crowd.integration.rest.service.RestCrowdClient.authenticateUser(RestCrowdClient.java:114)

        at com.atlassian.crowd.directory.RemoteCrowdDirectory.authenticate(RemoteCrowdDirectory.java:146)

        at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndEnsureInternalUserExists(DbCachingRemoteDirectory.java:205)

        at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:111)

        at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:277)

        at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:122)

        at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:67)

        ... 107 more

Any idea of what might have caused this? I've seen various similar questions, but haven't been able to glean any answers from them. It seems like a relatively common problem.

Additional info:

  • Both apps are configured for Trusted Applications incoming and outgoing authentication
  • Both apps are configured for Basic Access for outgoing authentication
  • Both apps have a tick icon next to the outgoing auth, but not incoming
  • Both apps have to correct Application URLs to the other app
  • I can't configure Basic Access for Incoming Auth for either application; I get stuck in a loop of admin login screens, and eventually it says it's configured, but when I click "close" there's an error message about requiring SudoWeb or something and I get kicked out to another admin login screen.

One difference is that Confluence has the name "hpvatdev" (server name) in JIRA Application Links page, but the full name Confluence - [server hostname] - [server key] in the connection test settings.

Answer
Watch
Like Sorin Sbarnea (Citrix) likes this
10990 views

4 answers

1 accepted

10 votes
Answer accepted
Oliver Lade
Oliver Lade June 4, 2012

So the problem was that Crowd (part of JIRA) was not configured correctly. Both the application links configurations for JIRA and Confluence were correct, and reference to Confluence as "hpvatdev" didn't matter.

When trying to test the User Directories connection from Confluence, the page was titled "Configure Atlassian Crowd Server" which is a hint. The full application name refers to the application name in JIRA's Crowd server (Users -> JIRA User Server). Here the name was correct, as was the password.

However it turned out that the IP address whitelist was missing 127.0.0.1, and since both JIRA and Confluence were installed on the same machine, this was the IP from which the requests were originating.

The Crowd authentication can be tested by navigating to http://[JIRA_URL]/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user. You will be prompted for a username and password. Enter the application name and password, and if your IP is not on the whitelist, you get that same 403 error HTML page.

View More Comments
xin99xin@gmail.
xin99xin@gmail.com July 5, 2012

I get the same problem.

but "Enter the application name and password" ,what is it mean?

how can i get the name and password?

thanks for your help!

Like
Oliver Lade
Oliver Lade July 6, 2012

"The full application name refers to the application name in JIRA's Crowd server (Users -> JIRA User Server)."

There you can assign a human-readable 'username' for each appliaction and set a password so that other applications can log into that application and use its user directory.

Like Roland Suess likes this
André Wösten
André Wösten August 11, 2015

Thanks Oliver, that was a good hint. For me I had to take a look into the log file where I could see the IP address where the request is coming from (which was local but since it was proxied, it was the external IP) and add it to the list.

Like
Kevin Chen
Kevin Chen December 5, 2016

When I try to go to the crowd authentication URL above with my organization.atlassian.net domain, I get a 404 page rather than an authentication prompt. Synchronization was working as of a month ago, but now, I can't have remote users login or synchronize users.

Like wu_junjie likes this
Reply
1 vote
Septa Cahyadiputra
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 4, 2012

Judging from the stack trace, it seems that confluence was not able to connect to your JIRA instance to successfully authenticate your JIRA users.

You might want to double check if the configured URL and credential to access JIRA is correct. There is a possibility that it changes in JIRA but not in Confluence.

Hope it helps.

Cheers,

Septa Cahyadiputra

View More Comments
Oliver Lade
Oliver Lade June 4, 2012

All the URLs and passwords were correct. Turns out the IP in the Crowd configuration was wrong. Thanks for making me keep digging though!

Like
Reply
0 votes
zuojiming
zuojiming March 6, 2019

Hi, are you finish this qus, I neek Help ,please tell me answer. thks.

Reply
0 votes
Tad Jose
Tad Jose July 9, 2014

Would like help about 'URL does not specify a valid Crowd user management rest service' message. We are not using crowd, just the internal JIRA and the application use to work. Can't seem to configure the system to work correctly. We have logging turned on. Even after going to backups of Confluence and JIRA that use to work still have the same issue while in the User directories in Confluence.. Can't synchronize, can't pass the test.. any help would be appreciated. JIRA and Confluence on same machine, deleted browser cookies.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events