Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,293,780
Community Members
 
Community Events
165
Community Groups

Jira - Crowd not authentcating due to HTTP-403 error

I have migrated one Jira instance to another test instance , the migrated data is from Jira instance which is connected with Crowd.

 

I am trying to connect new migrated Jira instance with Crowd but i am facing problem due to following error.

 

Connection test failed. Response from the server:
com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 – ForbiddenType Status ReportMessage Client with address "10.100.4.219" is forbidden from making requests to the application, jirastg.Description The server understood the request but refuses to authorize it.Apache Tomcat/8.5.34

I have done following work around

Note: if you are migrating/upgrading a Jira instance that already uses Crowd, you will need to merge these files (not overwrite them).

  1. If Jira is running, shut it down first.
  2. Edit the JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml file. Comment out the authenticator node:

    <!--<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>-->


    Uncomment the line that contains the new authenticator:

    <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
  3. Copy the crowd.properties file from CROWD/client/conf/ to JIRA/atlassian-jira/WEB-INF/classes.
  4. Edit JIRA/atlassian-jira/WEB-INF/classes/crowd.properties. Change the following properties:

  5. KeyValue

    application.name

    jira 
    The application name must match the name that you specified when you defined the application in Crowd (see Step 1 above).

    application.password

    The password must match the one that you specified when you defined the application in Crowd (see Step 1 above).

    crowd.base.url

    eg. (http://localhost:8095/crowd/)
    If your Crowd server's port is configured differently from the default (i.e. 8095), set it accordingly.

    crowd.base.url must be the same URL used to access Crowd in your Browser.

    session.validationinterval

    Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.

 

 

2 answers

1 accepted

0 votes
Answer accepted

The problem was the migrated jira instance had a old crowd credentials in crowd.properties file and new server and crowd server subnet ip address were different. 

Solution: Edited crowd.properties file with latest crowd credentials and added both servers in same subnet group.

Hi, 

did you add IP or hostname of new Jira instance into Crowd configuration in Applications -> app -> Remote Addresses ?

Yes i have added new jira instance ip address in remote addresses.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Service Management

Jira Service Management Documentation Opportunities

Hello everyone, Hope everyone is safe! A few months ago we posted an article sharing all the new articles and documentation that we, the AMER Jira Service Management team created. As mentioned ...

219 views 0 6
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you