Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Cannot get Jira to load in browser

Hello, I recently setup Jira Core and Confluence on the same server.  Using SSL reverse proxy, Apache 2.4.  Shibboleth authentication with a SSO SAML plugin by Re:solution. Everything was working fine a few weeks ago, and I put the project on hold while fiscal bought the licenses.  Licenses show up today so I go to install them, but I cannot get Jira to load in a browser.  Confluence works fine though.  I've tried several browsers on different machines, and nothing.  No browser error, just blank.

atlassian-jira.log  says

2018-12-13 15:15:28,946 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger]

************************************************************************************
JIRA 7.10.1 build: 710002 started. You can now access JIRA through your web browser.
***********************************************************************

*************

Bypassing the SSO redirect by going to https://my site blah/jira/login.action?nosso should allow for local login but that page does not load either.

And this: wget https://####/jira/login.action?nosso
--2018-12-13 15:59:18-- https://####jira/login.action?nosso
Resolving
Connecting to |:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-12-13 15:59:18 ERROR 404: Not Found.

But yet: wget https://######/login.action?nosso
--2018-12-13 16:57:25-- https://#######/confluence/login.action?nosso
Resolving
Connecting to p|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘login.action?nosso’

 

So I'm stuck and not sure where to look cause this all work, and the only changes since then have been some RHEL updates.

thank you for the help - BW

 

1 answer

Hi!

thanks for using our plugin - by what you describe, especially also using the ?nosso URL t doesn't sound like the SSO Plugin should be the Issue here.

Here is a KB Article, how you can start Jira without our Plugin enabled: https://wiki.resolution.de/doc/saml-sso/latest/all/knowledgebase-articles/technical/application-startup-issue-disable-sso-plugin

Instead of using the parameter "--disable-addons" you can also use " -disable-all-addons" which will disable all non-system Addon's. Which is a good troubleshooting step too (https://confluence.atlassian.com/jirakb/add-on-tips-and-tricks-779168621.html)

I can also see that in your test, you are getting a 404 Page Not Found error on the https connection.

This sound like you have a reverse Proxy in front of the Jira/Confluence Server? Do you want to give us a bit more detail on your setup there?

Cheers,
   Christian

Hi Christian

Starting with the plugins disabled has the same effect and yes a reverse proxy is setup.  Here's the relevant bits. 

ProxyRequests Off
ProxyPreserveHost Off
ProxyTimeout 120
ProxyPassInterpolateEnv On

ProxyPass /confluence http://127.0.0.1:8090/confluence
ProxyPassReverse /confluence http://127.0.0.1:8090/confluence

ProxyPass /jira http://127.0.0.1:8080/jira
ProxyPassReverse /jira http://127.0.0.1:8080/jira


<Location />
Require all granted
#AllowOverride All
</Location>

<Location />
AuthType shibboleth
ShibRequireSession On #
ShibUseHeaders On
Require shib-attr #here is our Active Directory group used to access
</Location>

<Location "/Shibboleth.sso">
Order deny,allow
Allow from all
# Ensure shibboleth responds to this path
SetHandler shib
</Location>


# Shib protect /jira location
<Location /jira/plugins/servlet/samlsso>
AuthType shibboleth
#ShibRequireSession On
require shibboleth
 </Location>


# Shib protext /confluence location
<Location /confluence/plugins/servlet/samlsso>
AuthType shibboleth
require shibboleth
</Location>


____________

And here's server.xml

<Connector address="127.0.0.1" port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
scheme="https"
proxyName="###
proxyPort="443"
bindOnInit="false"/>

<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">


 thank you - Boyd

Hi Boyd,

ok - if it still happens with Plugins disabled, then it has got nothing to do with our SSO Plugin or any of the other one's.

Not sure what you try to achieve with AuthType Shibboleth in front of our Plugin Path? It looks a bit like you are forcing a Shibboleth Authentication before our Plugin can actually do the Single Sign On for the first time. 
This should not be necessary as if there isn't an established shibboleth session before we do the redirect for the first time, then Shibboleth will just do the Authentication then & there. But this shouldn't be the reason your Jira doesn't load.

What happens when you do a  

wget -v http://127.0.0.1:8080/jira 

locally on the machine where you are running this i.e. not going via the Proxy?


Cheers,
    Christian

Hello, finally getting back around to this...

I put the same proxy config above in a non-ssl vhost, commented out all the Shibboleth locations, and Jira works just fine over HTTP.  HTTPS gives a "service unavailable screen".

wget:

Connecting to 127.0.0.1:8080... connected.
HTTP request sent, awaiting response... 302
Location: /jira/ [following]
--2019-02-14 16:19:16-- http://127.0.0.1:8080/jira/
Reusing existing connection to 127.0.0.1:8080.
HTTP request sent, awaiting response... 200
Length: unspecified [text/html]
Saving to: ‘jira’

[ <=> ] 45,672 --.-K/s in 0.02s

 

Like I said this was working fine, nothing with the Jira/Apache configs changed.  I looked back through the yum logs and noticed that the cacerts got updated.  Would that have an effect since I'm using Apache for SSL?  Not really sure where to look. 

Here's some debug log from an attempt to connect via HTTPS.

[Thu Feb 14 16:21:45.291261 2019] [socache_shmcb:debug] [pid 6689] mod_socache_shmcb.c(522): AH00835: socache_shmcb_retrieve (0x29 -> subcache 9)
[Thu Feb 14 16:21:45.291286 2019] [socache_shmcb:debug] [pid 6689] mod_socache_shmcb.c(877): AH00851: shmcb_subcache_retrieve found no match
[Thu Feb 14 16:21:45.291292 2019] [socache_shmcb:debug] [pid 6689] mod_socache_shmcb.c(532): AH00836: leaving socache_shmcb_retrieve successfully
[Thu Feb 14 16:21:45.291322 2019] [ssl:debug] [pid 6689] ssl_engine_kernel.c(1891): [client 10.15.200.30:41474] AH02043: SSL virtual host for servername ***jira*** found
[Thu Feb 14 16:21:45.301920 2019] [ssl:debug] [pid 6689] ssl_engine_kernel.c(1824): [client 10.15.200.30:41474] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Feb 14 16:21:45.301997 2019] [ssl:debug] [pid 6689] ssl_engine_kernel.c(225): [client 10.15.200.30:41474] AH02034: Initial (No.1) HTTPS request received for child 19 (server **jira***:443)
[Thu Feb 14 16:21:45.302010 2019] [mod_shib:debug] [pid 6689] mod_shib.cpp(369): [client 10.15.200.30:41474] get_request_config created per-request structure
[Thu Feb 14 16:21:45.302153 2019] [authz_core:debug] [pid 6689] mod_authz_core.c(809): [client 10.15.200.30:41474] AH01626: authorization result of Require all granted: granted
[Thu Feb 14 16:21:45.302169 2019] [authz_core:debug] [pid 6689] mod_authz_core.c(809): [client 10.15.200.30:41474] AH01626: authorization result of <RequireAny>: granted
[Thu Feb 14 16:21:45.302225 2019] [mod_shib:debug] [pid 6689] mod_shib.cpp(984): [client 10.15.200.30:41474] shib_fixups entered in pid (6689)
[Thu Feb 14 16:21:45.302288 2019] [proxy:debug] [pid 6689] mod_proxy.c(1123): [client 10.15.200.30:41474] AH01143: Running scheme http handler (attempt 0)
[Thu Feb 14 16:21:45.302305 2019] [proxy:debug] [pid 6689] proxy_util.c(2203): AH00942: HTTP: has acquired connection for (*)
[Thu Feb 14 16:21:45.302312 2019] [proxy:debug] [pid 6689] proxy_util.c(2256): [client 10.15.200.30:41474] AH00944: connecting http://localhost:8090/jira/secure/Dashboard.jspa to localhost:8090
[Thu Feb 14 16:21:45.303011 2019] [proxy:debug] [pid 6689] proxy_util.c(2426): [client 10.15.200.30:41474] AH00947: connected /jira/secure/Dashboard.jspa to localhost:8090
[Thu Feb 14 16:21:45.303138 2019] [proxy:debug] [pid 6689] proxy_util.c(2793): (111)Connection refused: AH00957: HTTP: attempt to connect to [::1]:8090 (*) failed
[Thu Feb 14 16:21:45.303211 2019] [proxy:error] [pid 6689] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8090 (*) failed
[Thu Feb 14 16:21:45.303233 2019] [proxy_http:error] [pid 6689] [client 10.15.200.30:41474] AH01114: HTTP: failed to make connection to backend: localhost
[Thu Feb 14 16:21:45.303238 2019] [proxy:debug] [pid 6689] proxy_util.c(2218): AH00943: HTTP: has released connection for (*)
[Thu Feb 14 16:21:45.303382 2019] [ssl:debug] [pid 6689] ssl_engine_io.c(993): [client 10.15.200.30:41474] AH02001: Connection closed to child 19 with standard shutdown (server **jira**:443)
[Thu Feb 14 16:21:45.354777 2019] [ssl:info] [pid 6676] [client 10.15.200.30:41476] AH01964: Connection to child 15 established (server ***jira***:443)
[Thu Feb 14 16:21:45.354933 2019] [ssl:debug] [pid 6676] ssl_engine_kernel.c(1891): [client 10.15.200.30:41476] AH02043: SSL virtual host for servername ***jira*** found
[Thu Feb 14 16:21:45.355502 2019] [ssl:debug] [pid 6676] ssl_engine_kernel.c(1824): [client 10.15.200.30:41476] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Feb 14 16:21:45.357531 2019] [ssl:debug] [pid 6676] ssl_engine_kernel.c(225): [client 10.15.200.30:41476] AH02034: Initial (No.1) HTTPS request received for child 15 (server ***jira***:443)
[Thu Feb 14 16:21:45.357547 2019] [mod_shib:debug] [pid 6676] mod_shib.cpp(369): [client 10.15.200.30:41476] get_request_config created per-request structure
[Thu Feb 14 16:21:45.357619 2019] [authz_core:debug] [pid 6676] mod_authz_core.c(809): [client 10.15.200.30:41476] AH01626: authorization result of Require all granted: granted
[Thu Feb 14 16:21:45.357627 2019] [authz_core:debug] [pid 6676] mod_authz_core.c(809): [client 10.15.200.30:41476] AH01626: authorization result of <RequireAny>: granted
[Thu Feb 14 16:21:45.357647 2019] [mod_shib:debug] [pid 6676] mod_shib.cpp(984): [client 10.15.200.30:41476] shib_fixups entered in pid (6676)
[Thu Feb 14 16:21:45.357669 2019] [proxy:debug] [pid 6676] mod_proxy.c(1123): [client 10.15.200.30:41476] AH01143: Running scheme http handler (attempt 0)
[Thu Feb 14 16:21:45.357675 2019] [proxy:debug] [pid 6676] proxy_util.c(2203): AH00942: HTTP: has acquired connection for (*)
[Thu Feb 14 16:21:45.357680 2019] [proxy:debug] [pid 6676] proxy_util.c(2256): [client 10.15.200.30:41476] AH00944: connecting http://localhost:8090/favicon.ico to localhost:8090
[Thu Feb 14 16:21:45.357821 2019] [proxy:debug] [pid 6676] proxy_util.c(2426): [client 10.15.200.30:41476] AH00947: connected /favicon.ico to localhost:8090
[Thu Feb 14 16:21:45.357879 2019] [proxy:debug] [pid 6676] proxy_util.c(2793): (111)Connection refused: AH00957: HTTP: attempt to connect to [::1]:8090 (*) failed
[Thu Feb 14 16:21:45.357935 2019] [proxy:error] [pid 6676] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8090 (*) failed
[Thu Feb 14 16:21:45.357944 2019] [proxy_http:error] [pid 6676] [client 10.15.200.30:41476] AH01114: HTTP: failed to make connection to backend: localhost
[Thu Feb 14 16:21:45.357948 2019] [proxy:debug] [pid 6676] proxy_util.c(2218): AH00943: HTTP: has released connection for (*)
[Thu Feb 14 16:21:45.358027 2019] [ssl:debug] [pid 6676] ssl_engine_io.c(993): [client 10.15.200.30:41476] AH02001: Connection closed to child 15 with standard shutdown (server ***jira***:443)

 

Thank you - Boyd

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

JSM June ask me anything (AMA)

Hello Community members! We’re wrapping up the end of JSM June with an Ask Me Anything (AMA) with the Jira Service Management product team. This is your chance to ask all your ITSM questions to o...

161 views 9 10
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you