Login loop redirect after migrating confluence servers

Nick Zolnoor December 19, 2017

Alright, here is my issue: After migrating migrating Confluence 6.0.1 from one server to an Amazon EC2 instance and migrating my PostgreSQL DB as well, I am able to reach the login page but all login attempts fail.

Steps taken:
1) Install Confluence on new server as a service (I have tried both 6.0.1 and 6.0.7)
2) Ensure that I can reach Confluence initial setup by navigating to localhost:8090 (default port suggested by confluence
3) Stop Confluence
4) Replace fresh home directory with home directory from server I am migrating
5) Replace server.xml with server.xml from migration server
6) edit server.xml to have appropriate host URLs
7) Start Confluence

Now, I want to note here that while I am aware that the instructions for migration say to STOP confluence on BOTH servers, but I have left Confluence running on the other server for now, as taking it down during business hours could impact my team's productivity severely.

Moving on, what do I see after following those steps?

- I am able to navigate to localhost:8090/confluence and I am presented with the Confluence page
- Every attempt to login redirects me to the same page

Attempted solutions:
- Delete Confluence directories and try again
- Reset an admin password back to "admin" and attempt to login (still redirects)

Below you will find the contents of my `atlassian-confluence.log` and `catalina.out`


2017-12-19 18:43:04,661 WARN [http-nio-8090-exec-1] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 2e2049c5d636bd34 | userName: anonymous
2017-12-19 18:43:08,946 WARN [http-nio-8090-exec-7] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 9ac01747cea4e262 | userName: anonymous
2017-12-19 18:50:14,871 WARN [http-nio-8090-exec-3] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 73d8f93e2b1b752f | userName: anonymous
2017-12-19 18:50:20,412 WARN [http-nio-8090-exec-8] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 80b5eaa20c0c730f | userName: anonymous
2017-12-19 19:00:00,041 WARN [scheduler_Worker-5] [hql.internal.ast.HqlSqlWalker] generatePositionalParameter [DEPRECATION] Encountered positional parameter near line 1, column 110 in HQL: [SELECT usr.name, usr.lowerName FROM com.atlassian.crowd.model.user.InternalUser usr WHERE usr.directory.id = ? ORDER BY usr.lowerName]. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2017-12-19 19:05:44,550 WARN [http-nio-8090-exec-1] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 50297206dc1ae4a7 | userName: anonymous
2017-12-19 19:20:29,564 WARN [http-nio-8090-exec-3] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 6e36036a9a9909c9 | userName: anonymous
2017-12-19 19:21:01,344 WARN [http-nio-8090-exec-4] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: cad8fc32d74d5370 | userName: anonymous
2017-12-19 19:21:06,279 WARN [http-nio-8090-exec-7] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 4cfda27168d59ca7 | userName: anonymous
2017-12-19 19:46:45,591 WARN [http-nio-8090-exec-10] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: c082672e501a5c0e | userName: anonymous
2017-12-19 19:49:06,276 WARN [http-nio-8090-exec-4] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://sensitive.domain.com:443/confluence/rest/analytics/1.0/publish/bulk , origin: http://sensitive.domain.com:8090 , referrer: http://sensitive.domain.com:8090/confluence/login.action , credentials in request: false , allowed via CORS: false
-- referer: http://sensitive.domain.com:8090/confluence/login.action?os_destination=%2Findex.action&permissionViolation=true | url: /confluence/rest/analytics/1.0/publish/bulk | traceId: 0ac45407167696bf | userName: anonymous
 19-Dec-2017 18:40:57.208 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8090"]
19-Dec-2017 18:40:57.224 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
19-Dec-2017 18:40:57.227 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 665 ms
19-Dec-2017 18:40:57.236 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Tomcat-Standalone
19-Dec-2017 18:40:57.236 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.41
2017-12-19 18:40:59,604 INFO [sensitive.domain.com-startStop-1] [com.atlassian.confluence.lifecycle] contextInitialized Starting Confluence 6.0.7 [build 7104 based on commit hash 0e21dd459285e7b3b5e0deaa2193b2af8bbb7c8b]
19-Dec-2017 18:42:42.614 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8090"]
19-Dec-2017 18:42:42.631 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 105403 ms
19-Dec-2017 18:42:42.700 INFO [http-nio-8090-exec-1] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:233)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1017)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

19-Dec-2017 18:42:42.708 INFO [http-nio-8090-exec-2] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:233)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1017)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)

19-Dec-2017 18:43:03.394 INFO [http-nio-8090-exec-10] com.sun.jersey.server.impl.application.WebApplicationImpl._initiate Initiating Jersey application, version 'Jersey: 1.8-atlassian-16 03/23/2015 10:20 PM'
19-Dec-2017 18:43:04.247 INFO [http-nio-8090-exec-1] com.sun.jersey.server.impl.application.WebApplicationImpl._initiate Initiating Jersey application, version 'Jersey: 1.8-atlassian-16 03/23/2015 10:20 PM'

and here is my server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="48"
minSpareThreads="10"
enableLookups="false"
acceptCount="10"
debug="0"
URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
secure="true"
scheme="http"
proxyName="sensitive.domain.com"
proxyPort="443"/>

<Engine name="Standalone" defaultHost="sensitive.domain.com" debug="0">

<Host name="sensitive.domain.com" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">

<Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
</Service>
</Server>



 My current attempt is using 6.0.7 while migrating from 6.0.1. After writing this I am going to wipe and try again on 6.0.1.

Any help is greatly appreciated

2 answers

1 accepted

1 vote
Answer accepted
Nick Zolnoor December 19, 2017

My problem was solved: If anyone encounters this, it is complaining because you have specified in your configuration that Confluence should be accessed over SSL, and you're trying to login through http. 

To solve this I installed NGINX as an internal proxy and set up a server over SSL that routed internally to confluence!

Ted Cabeen August 12, 2019

Thank you, thank you, thank you!  I was installing Confluence from a chef recipe that set the secure settings to on.  While I do intend to secure confluence before going into production, this was preventing us from performing an initial installation and testing setup, as I couldn't login as admin.  Turning off secure fixed it.

0 votes
rue gambeta March 11, 2022

Hi,

I installed Confluence an Jira after that I configured apache as rever-proxy.

When I type the url of confluence in the address bar of my browser and hit "Enter", the url shows :

mydomain.com/login.action?os_destination=%2Findex.action&permissionViolation=true

I don't have any problem accessing Confluence neither Jira except that message.

What could be the issue?

Thanks.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events