Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Jira - Crowd not authentcating due to HTTP-403 error

I have migrated one Jira instance to another test instance , the migrated data is from Jira instance which is connected with Crowd.


I am trying to connect new migrated Jira instance with Crowd but i am facing problem due to following error.


Connection test failed. Response from the server:
com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 – ForbiddenType Status ReportMessage Client with address "" is forbidden from making requests to the application, jirastg.Description The server understood the request but refuses to authorize it.Apache Tomcat/8.5.34

I have done following work around

Note: if you are migrating/upgrading a Jira instance that already uses Crowd, you will need to merge these files (not overwrite them).

  1. If Jira is running, shut it down first.
  2. Edit the JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml file. Comment out the authenticator node:

    <!--<authenticator class=""/>-->

    Uncomment the line that contains the new authenticator:

    <authenticator class=""/>
  3. Copy the file from CROWD/client/conf/ to JIRA/atlassian-jira/WEB-INF/classes.
  4. Edit JIRA/atlassian-jira/WEB-INF/classes/ Change the following properties:

  5. KeyValue

    The application name must match the name that you specified when you defined the application in Crowd (see Step 1 above).


    The password must match the one that you specified when you defined the application in Crowd (see Step 1 above).


    eg. (http://localhost:8095/crowd/)
    If your Crowd server's port is configured differently from the default (i.e. 8095), set it accordingly.

    crowd.base.url must be the same URL used to access Crowd in your Browser.


    Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.



2 answers

1 accepted

0 votes
Answer accepted

The problem was the migrated jira instance had a old crowd credentials in file and new server and crowd server subnet ip address were different. 

Solution: Edited file with latest crowd credentials and added both servers in same subnet group.

0 votes


did you add IP or hostname of new Jira instance into Crowd configuration in Applications -> app -> Remote Addresses ?

Yes i have added new jira instance ip address in remote addresses.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events