Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Connecting Confluence to Jira for user directory - Error 403 Forbidden

Error message:
Verbindungstest fehlgeschlagen. Antwort vom Server:
com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception Go to Jira home

What i did in Jira:
1) i disabled Secruity / Whitelist to ensure confluence is not blocked by jira
2) "Jira user server": i configured a "Application name" and "Password" (copy& paste to avoid typos) and the following list of allowed IPs:

192.168.8.102
confluence.fritz.box
::1
192.168.8.101
confluence
192.168.8.230
hypervisor
hypervisor.fritz.box
127.0.0.1

What i did in Confluence:
3) i configured to use URL "http://jira.fritz.box" and the same "Application name" and "Password" as above.
4) when clicking on "Test-Einstellungen" i get the above error

It was configured and working in earlyer versions of jira and confluence but failed somehow after migrating to IP and after updating to new version of both. I did not recognize that error in between, so i do not know after which change it got broken.

So maybe there is some bad (broken cache, now incompatible config, etc.) stuff in my home dir or in my database...

How to debug it further?

There is no network issue no firewall between jira and confluence. Nslookup, ping and curl is working between both containers. Application Links between jira and confluence are reported by jira and confluence as conneted. No timeouts in the logs. Above error seams to be an authentication issue / jira security feature.


Background:
Jira runs in a docker container. Its postgresql database server runs in another docker container. Both containers are in the same docker network (--net). Both container run on the same docker host (physical machine). Jira container is published as port 80 to a dedicated IP on that host (192.168.8.101:80:8080; host has multiple IPs assigned). My router (DNS) is resolving http://jira.fritz.box as 192.168.8.101.

Confluence runs in a docker container. Its postgresql database server runs in another docker container. Both containers are in the same docker network (--net; different to the docker network of jira). Both container run on the same docker host (physical machine). Confluence container is published as port 80 to a dedicated IP on that host (192.168.8.102:80:8080; host has multiple IPs assigned). My router (DNS) is resolving http://jira.fritz.box as 192.168.8.102


1 answer

1 accepted

As both docker containers are on the same host, the communication is not going over the wire. There is dockerNet-to-dockerNet routing doing its job. Means: from perspective of jira container the request do not come from confluence IP (confluence is bound to 192.168.8.102:80), instead it reaches jira via the gateway (172.19.0.1 in my case) of jiras docker network. If i add that gateway IP to step (2) then it works. This is not a docker problem nor it is specific to docker. If you are not aware about NAT (network address translation) between jira and confluence this can make you struggle with above message - via google you find alot people stuggeling...

I really wonder why atlassian is using two different configuration implementations:
1) wizzard on frist confluence start and
2) a config in admin area

but not making the wizzard available in the admin area.
The wizzard is pretty cool, as it do not force you to create something in jira on your own - it does that for you. I would love to see atlassian adding the wizzard to the admin area:
a) "i am a jira admin" => wizzard
b) "i am not a jira admin" => classic config tool (put pimped with gateway IP detection from wizzard)

Docker users can find the gateway IP of jira container by running:

docker inspect jira7130 | jq '.[].NetworkSettings.Networks[].Gateway'

 And if you do not have jq installed run only the left part of the pipe and search for the gateway IP in the output. Replace jira7130 by the name of your jira container.

In case somebody faces the same issue and uses swarm mode: in swarm mode containers are being accessed via ingress network which is 10.255.0.0/24 and this address must be configured as an app ip.

Like # people like this

@web-impressions hello

I have the same problem and I did as you said, but still receive the same error : Connection test failed. Response from the server: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception Go to Jira home 

 

 

when we first started the confluence and set the user directory to jira directory it worked. but then we had a problem and delete the application link and directory, now I cant add the same directory from admin panel.

 

any thought how to fix that?

 

thanks

Mohammadhasan

Pavel Junek Community Leader Aug 31, 2020

Hi @Mhasan,

I had the same problem as you, but once I added the IP address to "Jira user server settings", he mentioned @HeadPoint , it started working (IP for Swarm is 10.255.0.0/24).

@HeadPoint Many thanks for the help! 

Cheers,

Pavel

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

408 views 23 8
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you