Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira - Crowd not authentcating due to HTTP-403 error

Shivaprasad Hattaraki
Shivaprasad Hattaraki July 15, 2019

I have migrated one Jira instance to another test instance , the migrated data is from Jira instance which is connected with Crowd.

 

I am trying to connect new migrated Jira instance with Crowd but i am facing problem due to following error.

 

Connection test failed. Response from the server:
com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 – ForbiddenType Status ReportMessage Client with address "10.100.4.219" is forbidden from making requests to the application, jirastg.Description The server understood the request but refuses to authorize it.Apache Tomcat/8.5.34

I have done following work around

Note: if you are migrating/upgrading a Jira instance that already uses Crowd, you will need to merge these files (not overwrite them).

  1. If Jira is running, shut it down first.

  2. Edit the JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml file. Comment out the authenticator node:

    <!--<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>-->


    Uncomment the line that contains the new authenticator:

    <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
  3. Copy the crowd.properties file from CROWD/client/conf/ to JIRA/atlassian-jira/WEB-INF/classes.

  4. Edit JIRA/atlassian-jira/WEB-INF/classes/crowd.properties. Change the following properties:

  5. KeyValue

    application.name

    jira 
    The application name must match the name that you specified when you defined the application in Crowd (see Step 1 above).

    application.password

    The password must match the one that you specified when you defined the application in Crowd (see Step 1 above).

    crowd.base.url

    eg. (http://localhost:8095/crowd/)
    If your Crowd server's port is configured differently from the default (i.e. 8095), set it accordingly.

    crowd.base.url must be the same URL used to access Crowd in your Browser.

    session.validationinterval

    Set to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.

 

 

Answer
Watch
Like Be the first to like this
2760 views

2 answers

1 accepted

0 votes
Answer accepted
Shivaprasad Hattaraki
Shivaprasad Hattaraki September 10, 2020

The problem was the migrated jira instance had a old crowd credentials in crowd.properties file and new server and crowd server subnet ip address were different. 

Solution: Edited crowd.properties file with latest crowd credentials and added both servers in same subnet group.

Reply
0 votes
Petr Vaníček
Petr Vaníček
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 15, 2019

Hi, 

did you add IP or hostname of new Jira instance into Crowd configuration in Applications -> app -> Remote Addresses ?

View More Comments
Shivaprasad Hattaraki
Shivaprasad Hattaraki July 15, 2019

Yes i have added new jira instance ip address in remote addresses.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events