Remote Crowd directory test successful, yet user fails to authenticate

I have implemented a custom directory in Crowd by implementing RemoteDirectory interface; and configured Jira to use this custom directory for authentication.  I am able to test this custom directory from Jira by using a sample user from the custom directory.  However, when I try to login to Jira using this user, it fails to authenticate.  

I ran this RemoteDirectory implementation in debug mode to make sure that the authenticate method returns the User object as desired.  Can anyone please help understand why it fails to authenticate from Jira. 

Thanks

Rizwan

1 answer

0 vote
Ann Worley Atlassian Team May 19, 2017

Is there an error in the browser when it doesn't work? Or are there any related errors in the <JIRA_home>/log/atlassian-jira.log? These will help us take a closer look.

Thanks for the direction Ann.  The error message displayed in the browser is "You do not have a permission to log in. If you think this is incorrect, please contact your JIRA administrators."  I don't see any errors in atlassian-jira.log, However, I find them in the file atlassian-jira-security.log.  The error messages I see are:

The user 'jseymour' is NOT AUTHORIZED to perform to login for this request.
login : 'jseymour' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
The user 'jseymour' is NOT AUTHORIZED to perform this request.
The user 'jseymour' is NOT AUTHORIZED to perform to login for this request (16 times)

The message that reads "... do not have USE permission ..." is soemwhat specific.  I logged on to Crowd and made sure that this user is add to Jira application in Crowd.  It sounds like this is some kind of configuration related issue that I have not figured out yet.  

Any help is greatly appreciated please.

Thanks,

Rizwan

Ann Worley Atlassian Team May 22, 2017

It sounds like the user is not in a group that has Global Permission for JIRA. (Cog wheel>system>Global permissions) The default is jira-users. The Crowd setup instructions recommend creating permission groups in Crowd:

"JIRA also requires particular groups to exist in the directory in order to authenticate users. You need to ensure that these three groups exist in the JIRA Directory in Crowd:
jira-users
jira-developers
jira-administrators"

Thanks Ann, This helped me move in the right direction, and my issue is resolved (almost). I also found this link searching for this solution: https://confluence.atlassian.com/jirakb/unable-to-login-to-jira-applications-596770904.html.

I already had the three groups in Jira Directory in Crowd - but those are in the internal directory, not Custom directory. Custom directory comes with its own groups. I just had to assign permissions for the groups in Custom Directory in Jira (Cog wheel>system>Global permissions). The reason why I said "almost" resolved is...

In my Global Permissions, I do not see "JIRA users" permissions, only "Browse Users". I assigned the custom group to "Browse Users" set of permissions but it did not work. Then I assigned the custom group to "JIRA administrators" and it worked. I need to figure out why I don't have "JIRA Users" permissions in my Global permissions. This is in JIRA, not in Crowd. If you happen to know the resolution to this, it would be great.

And again, thanks a lot for the help.

Ann Worley Atlassian Team May 23, 2017

In JIRA go to Applications and then application Access. To log in, the user must belong to a group on that page: <Base_URL/secure/admin/ApplicationAccess.jspa. You can add your custom group at the bottom of the page:

Screen Shot 2017-05-23 at 9.42.16 AM.png

Ann, Please ignore my question in the previous comment.  I think I resolved the issue I had.  I also had to assign Application Access to the Custom Directory groups in JIRA.  For instance, right now, I did the following in JIRA.  

Cog Wheel -> System -> Applications -> Application Access.  And here I added the custom directory groups to the application access.  And now the Custom directory users from the added groups are able to login to JIRA without having to add them to JIRA administrators.

From this point on, I think, any issues I may have may be related to the complex permission schemes I need to configure.  My primary issue with making the custom directory interface (RemoteDirectory) work is resolved.

Thanks a lot again!

Sorry, I posted my comment before reading your reply.  Thanks!  This Application Access page resolved my issue.

Suggest an answer

Log in or Join to answer
Community showcase
Emilee Spencer
Published Friday in Marketplace Apps

Marketplace Spotlight: DeepAffects

Hello Atlassian Community! My name is Emilee, and I’m a Product Marketing Manager for the Marketplace team. Starting with this post, I'm kicking off a monthly series of Spotlights to highlight Ma...

56 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot