Crucible user management through Jira not working through reverse-proxy

Snorre Selmer March 6, 2020

We're trying to set up Jira user management through a reverse-proxy.

In Jira we've set up a User Server that listens to the IP of the reverse proxy, and Crucible is set to use the Jira URL (the reverse-proxy then forwards it to the Jira application).

We really don't want to enable direct communication between applications, but route everything via reverse-proxy for firewalling reasons.

When I test the connection I get a "com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception" error.

We've already tried adding the IP of the Crucible server in the Jira User Server entry in case that was somehow sent along as the origin IP, but no luck there. The username/password combo is 100% identical.

A bit more from the log:

2020-03-06 12:33:07,614 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Loading property: 'application.name' : 'InsertUsernameHere'
2020-03-06 12:33:07,615 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: application.login.url
2020-03-06 12:33:07,615 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: session.tokenkey
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: session.lastvalidation
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: session.validationinterval
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: cookie.domain
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: authentication.method
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: asap.issuer
2020-03-06 12:33:07,616 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: asap.key.id
2020-03-06 12:33:07,617 INFO [qtp333392524-390 ] com.atlassian.crowd.service.client.ClientPropertiesImpl ClientPropertiesImpl-loadAndLogPropertyString - Failed to find value for property: asap.subject.required
2020-03-06 12:33:07,671 ERROR [qtp333392524-390 ] com.atlassian.crowd.embedded.admin.ConfigurationController ConfigurationController-handleSubmit - Configuration test failed for user directory: [ Crowd Directory], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. client.forbidden.exception Go to Jira home
at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) [embedded-crowd-core-2.9.5-7fb674b.jar:?]
at com.atlassian.fecru.user.crowd.DelegatingCrowdDirectoryService.testConnection(DelegatingCrowdDirectoryService.java:29) [fisheye.jar:?]
at sun.reflect.GeneratedMethodAccessor1151.invoke(Unknown Source) [?:?]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_241]
at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_241]

These "failed to find value for property" worry me a bit, but I don't know if they are important here.

1 answer

1 accepted

0 votes
Answer accepted
Snorre Selmer March 11, 2020

I managed to solve this in a way that isn't really viable long-term, but it allows me to move on.

Originally, I had the following setup in my Jira User Server:

127.0.0.1
::1
[IP of Jira reverse-proxy]
[IP of Crucible server]

I replaced the two server IPs with an IP wildcard that fits our allotted IP-range, and now things work. Long-term I need to figure out which route I'm missing in my original setup, but for now I can call this "solved".

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events