Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

AuthenticationFailedException: AUTHENTICATE failed during test of OAuth2.0 Exchange connection

Xavier Tang
Xavier Tang
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 23, 2020

Dear Jira doers,

I'm trying to use the new OAuth 2.0 authentification feature from the last Jira 8.13.0 release. I followed the process (configured OAuth 2.0 link, registered and configured application in Azure AD). When I would test Jira mail server, "Authorze" step is Ok. But, at the last step, "Test Connection", I got "AuthenticationFailedException: AUTHENTICATE failed".

Has someone an idea to overcome this faillure ?

Thanks,

Xavier

Answer
Watch
Like blake.woodington likes this
6910 views

4 answers

1 accepted

1 vote
Answer accepted
Xavier Tang
Xavier Tang
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 7, 2020

Hi,

After help from Atlassian, my concern had been solved. Two important points:

- Scopes used within Jira OAuth2.0 should match with permisisons setting in Azure application registration. ("https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/POP.AccessAsUser.All" and "offline_access");

- Jira admin who configures mail servers should have access permission to the authorized mailboxes in Azure application.

 

Regards,

Xavier

View More Comments
Damein Turner
Damein Turner January 30, 2021

Thanks for posting your solution.

When I look for those scope options they aren't available to be chosen in the app registration. 

When selecting the user account to test with is it just testing connecting or trying to access a mailbox ?

Like
Xavier Tang
Xavier Tang
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2021

Sorry I had not seen the notification mail before. If it's always relevant, I'm not sure that there would be an attempt to access the mailbox, but it should check the complete connection to the mailbox.

Xavier

Like
Reply
0 votes
Shanelle Boluyt
Shanelle Boluyt January 18, 2022

We had the same issue.  We could sometimes get the mail server to save, but the handlers would fail.  The mailbox accounts needed the IMAP role, OAUTH needed the scopes listed above, AND we had to be logged on as the mailbox account when configuring the mail server.

However, we had a few systems where logging on as the mailbox account wasn't possible (and I really didn't like giving the mailbox account admin access in Jira)... so I found a workaround that doesn't require you to make the mailbox account an admin in Jira (it doesn't even need to be a Jira account):

1. Open a fresh browser with no cache (I used an incognito window)

2. Go to office.com and logon with the email account

3. Once authenticated, open Jira in a new tab and logon as yourself

4. Configure the mail server.  After clicking authorize, you should have the option to use the mailbox account that you used in Step 2.

5. Test and save.

6. Test your mail handler.

Reply
0 votes
Cory Beaudoin
Cory Beaudoin October 4, 2021

@Xavier Tang Thank you thank you! You're a lifesaver. I wouldn't have thought in a million years to give the mailbox owner admin rights and configure the mail server as the mailbox owner. Worked perfectly for me!

Reply
0 votes
Omprakash Thamsetty
Omprakash Thamsetty
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2021

@Xavier TangI am facing the same issue. Even I saw your other post about enabling Oauth 2.0 . 

My scope is the same in both azure and Jira. So the first point may not be valid to me.

About the second point. I have access to the mailbox with my jira admin account. So what and where exactly should we have access to mailbox in azure ?

 

Jira admin account can be accessible with https://outloo.office365.com/owa/<MailBox> . Anything else I can validate for the second point to make sure I have access to mailbox in azure?
Any help much appreciated.

 

Thanks,

Om

View More Comments
Xavier Tang
Xavier Tang
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2021

Hi,

I found that I should be logged in Jira as the owner of the mailbox and configure the mail server. Once connection test is Ok and configuration saved, I remove the admin permission of the mailbox owner if he (or it) is not a real Jira admin, and I configure then the mail handler in my own name.

Regards,

Xavier

Like
Omprakash Thamsetty
Omprakash Thamsetty
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2021

Hi @Xavier Tang Yes, I even tested with the same mailbox owner. I added mail box owner to jira admin and then tested the connection. Still the same error. I have asked my outlook exchange admin to check but he was seeing the request is with my name. But in jira logs says

 

2021-04-14 15:07:35,694-0400 https-openssl-nio-8443-exec-7 url: /jira/secure/admin/VerifyPopServerConnection!update.jspa; user: Rational.Support ERROR Rational.Support 907x739x1 1hnw9gr 10.xx.xx.xx /secure/admin/VerifyPopServerConnection!update.jspa [c.a.j.p.mail.webwork.VerifyMailServer] Unable to connect to the server at outlook.office365.com due to the following exception: javax.mail.AuthenticationFailedException: AUTHENTICATE failed.

 

Here is my scope

 

https://graph.microsoft.com/offline_access

https://graph.microsoft.com/IMAP.AccessAsUser.All

https://graph.microsoft.com/POP.AccessAsUser.All

 

It is same configuration in both Azure and Jira. Do you think anything wrong in scope ?

 

Do we need to have mailbox owner to be Azure app owner ?

 

Thanks,

Om

Like
Omprakash Thamsetty
Omprakash Thamsetty
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2021

Hi @Xavier Tang Is your scope same as me? I have it graphs instead of atlassian recommendation .

Did you have scope as below ?

 https://outlook.office.com/IMAP.AccessAsUser.All 

https://outlook.office.com/POP.AccessAsUser.All

offline_acc

Like
Omprakash Thamsetty
Omprakash Thamsetty
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 15, 2021

@Xavier Tang 

I am able to connect it now. It may be help for others.

 

1)

I just entered the scope AS IS in JIra but in my Azure it is graph scope. That URL is different.

https://outlook.office.com/IMAP.AccessAsUser.All 

https://outlook.office.com/POP.AccessAsUser.All

offline_access

2) I logged into jira with mail box ID itself. This mail box ID added to Jira-administrator group.

Then it is success the authorization and test connection.

Like Xavier Tang likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
DEPLOYMENT TYPE
SERVER
VERSION
8.13.0
TAGS
AUG Leaders

Atlassian Community Events

    See all events