Crowd 2.7.0 crashes when running behind Apache mod_proxy with SSL

Hi,

I just upgraded to crowd 2.7.0 and encounter a strange problem since that.

When I start crowd everything looks fine. When I access the crowd web interface I can log in and browse the different sections (applications, directories, etc.). When I enter the details of a certain section (e.g. the crowd-application in the applications section) the browser requests hangs and ends up in a "502 Proxy Error".

The logs are quite noiseless about this:

*********************************************************************************************
*
*  You can now use the Crowd server by visiting https://atlasapps.myhost.net/crowd
*
*********************************************************************************************

2013-09-26 17:11:15,105 localhost-startStop-1 INFO [ContainerBase.[Catalina].[localhost].[/crowd]] org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:11:15,105 localhost-startStop-1 INFO [ContainerBase.[Catalina].[localhost].[/crowd]] org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.2013-09-26.log <==
Sep 26, 2013 5:11:15 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/atlassian/inst/crowd-2.7.0/apache-tomcat/webapps/ROOT

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
Sep 26, 2013 5:11:15 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /opt/atlassian/inst/crowd-2.7.0/apache-tomcat/webapps/ROOT

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.2013-09-26.log <==
Sep 26, 2013 5:11:15 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8095"]

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
Sep 26, 2013 5:11:15 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8095"]

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.2013-09-26.log <==
Sep 26, 2013 5:11:15 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 45471 ms

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
Sep 26, 2013 5:11:15 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 45471 ms
2013-09-26 17:12:01,242 http-bio-8095-exec-2 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:12:01,242 http-bio-8095-exec-2 INFO [service.soap.client.SecurityServerClientImpl] Existing application token is null, authenticating ...

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
2013-09-26 17:12:01,414 http-bio-8095-exec-5 INFO [ContainerBase.[Catalina].[localhost].[/crowd]] Initializing Spring FrameworkServlet 'xfire'

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:12:01,414 http-bio-8095-exec-5 INFO [ContainerBase.[Catalina].[localhost].[/crowd]] Initializing Spring FrameworkServlet 'xfire'

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
2013-09-26 17:12:01,482 http-bio-8095-exec-5 WARN [beans.factory.config.CustomEditorConfigurer] Passing PropertyEditor instances into CustomEditorConfigurer is deprecated: use PropertyEditorRegistrars or PropertyEditor class names instead. Offending key [org.codehaus.xfire.service.ServiceFactory; offending editor instance: org.codehaus.xfire.spring.editors.ServiceFactoryEditor@33279683

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:12:01,482 http-bio-8095-exec-5 WARN [beans.factory.config.CustomEditorConfigurer] Passing PropertyEditor instances into CustomEditorConfigurer is deprecated: use PropertyEditorRegistrars or PropertyEditor class names instead. Offending key [org.codehaus.xfire.service.ServiceFactory; offending editor instance: org.codehaus.xfire.spring.editors.ServiceFactoryEditor@33279683

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
2013-09-26 17:12:02,996 http-bio-8095-exec-2 INFO [service.soap.client.SecurityServerClientImpl] Created new application token: nSk4ZyZKM0uQN2dMQr7NCg00

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:12:02,996 http-bio-8095-exec-2 INFO [service.soap.client.SecurityServerClientImpl] Created new application token: nSk4ZyZKM0uQN2dMQr7NCg00

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
2013-09-26 17:13:36,950 http-bio-8095-exec-22 ERROR [xfire.transport.http.HttpChannel] Server returned error code = 502 for URI : https://atlasapps.myhost.net/crowd/services/SecurityServer. Check server logs for details

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:13:36,950 http-bio-8095-exec-22 ERROR [xfire.transport.http.HttpChannel] Server returned error code = 502 for URI : https://atlasapps.myhost.net/crowd/services/SecurityServer. Check server logs for details

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
2013-09-26 17:13:36,953 http-bio-8095-exec-10 ERROR [xfire.transport.http.HttpChannel] Server returned error code = 502 for URI : https://atlasapps.myhost.net/crowd/services/SecurityServer. Check server logs for details

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:13:36,953 http-bio-8095-exec-10 ERROR [xfire.transport.http.HttpChannel] Server returned error code = 502 for URI : https://atlasapps.myhost.net/crowd/services/SecurityServer. Check server logs for details

==> /opt/atlassian/inst/crowd/apache-tomcat/logs/catalina.out <==
2013-09-26 17:13:38,921 http-bio-8095-exec-16 ERROR [xfire.transport.http.HttpChannel] Server returned error code = 502 for URI : https://atlasapps.myhost.net/crowd/services/SecurityServer. Check server logs for details

==> /opt/atlassian/data/crowd/logs/atlassian-crowd.log <==
2013-09-26 17:13:38,921 http-bio-8095-exec-16 ERROR [xfire.transport.http.HttpChannel] Server returned error code = 502 for URI : https://atlasapps.myhost.net/crowd/services/SecurityServer. Check server logs for details

I already searched at the available Atlassian resources and google indeed - unfortunately without success :-(

Any help would be very appreciated!

Regards,

Christian

1 answer

1 accepted

3 votes

There are some known issues with Crowd 2.7 when tokens are stored in database. See https://jira.atlassian.com/browse/CWD-3697 and related tickets.

The workaround is to store them in memory. See https://confluence.atlassian.com/display/CROWD/Session+Configuration#SessionConfiguration-token

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Maggie Roney
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

573 views 6 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you