Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,360,701
Community Members
 
Community Events
168
Community Groups

Crucible user management through Jira not working through reverse-proxy

Edited

We're trying to set up Jira user management through a reverse-proxy.

In Jira we've set up a User Server that listens to the IP of the reverse proxy, and Crucible is set to use the Jira URL (the reverse-proxy then forwards it to the Jira application).

We really don't want to enable direct communication between applications, but route everything via reverse-proxy for firewalling reasons.

When I test the connection I get a "com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception" error.

We've already tried adding the IP of the Crucible server in the Jira User Server entry in case that was somehow sent along as the origin IP, but no luck there. The username/password combo is 100% identical.

A bit more from the log:

2020-03-06 12:33:07,614 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Loading property: 'application.name' : 'InsertUsernameHere'
2020-03-06 12:33:07,615 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: application.login.url
2020-03-06 12:33:07,615 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: session.tokenkey
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: session.lastvalidation
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: session.validationinterval
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: cookie.domain
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: authentication.method
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: asap.issuer
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: asap.key.id
2020-03-06 12:33:07,617 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: asap.subject.required
2020-03-06 12:33:07,671 ERROR [qtp333392524-390 ] com.atlassian.crowd.embedded.admin.ConfigurationController ConfigurationController-handleSubmit - Configuration test failed for user directory: [ Crowd Directory], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception Go to Jira home
at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) [embedded-crowd-core-2.9.5-7fb674b.jar:?]
at com.atlassian.fecru.user.crowd.DelegatingCrowdDirectoryService.testConnection(DelegatingCrowdDirectoryService.java:29) [fisheye.jar:?]
at sun.reflect.GeneratedMethodAccessor1151.invoke(Unknown Source) [?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_241]
at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_241]

These "failed to find value for property" worry me a bit, but I don't know if they are important here.

1 answer

1 accepted

0 votes
Answer accepted

I managed to solve this in a way that isn't really viable long-term, but it allows me to move on.

Originally, I had the following setup in my Jira User Server:

127.0.0.1
::1
[IP of Jira reverse-proxy]
[IP of Crucible server]

I replaced the two server IPs with an IP wildcard that fits our allotted IP-range, and now things work. Long-term I need to figure out which route I'm missing in my original setup, but for now I can call this "solved".

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira

Online AMA this week: Your project management questions answered by Jira Design Lead James Rotanson

We know that great teams require amazing project management chops. It's no surprise that great teams who use Jira have strong project managers, effective workflows, and secrets that bring planning ...

197 views 1 6
Read article

Atlassian Community Events