Failed to login trusted application: jira:xxxx due to bad URL signature.

I am not able to link between two Jira instances, even if the application links are well established:

SRC Jira: In/Out Authentication setup to Trustes App (OAuth and Basic are disabled)

DST Jira: In/Out Authentication setup to Trustes App (OAuth and Basic are disabled)

Source JIRA:
2012-10-04 14:55:23,293 http-8080-2 WARN sorins 895x23715x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/SelectTargetProjectAction.jspa [apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2012-10-04 14:55:24,160 http-8080-2 WARN sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [apache.commons.httpclient.HttpMethodDirector] Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"}
2012-10-04 14:55:24,160 http-8080-2 ERROR sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [atlassian.cpji.action.CopyDetailsAction] Authentication failed.
com.atlassian.cpji.rest.UnauthorizedResponseException
	at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:128)
	at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:118)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:88)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166)
	at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:307)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:85)
	....
Destination JIRA:
2012-10-04 15:48:06,281 http-8080-3 WARN anonymous 948x453x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/plugininfo [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.
2012-10-04 15:48:07,156 http-8080-3 WARN anonymous 948x454x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/copyissue/issueTypeInformation/ZZ [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.

Both jira instances are using HTTPS and are behind nginx, nginx providing the HTTPS layer.

How to solve the problem?

3 answers

1 accepted

I solved this by adding these to both server.xml files:

<Connector port="8080"
    ...
    scheme="https"
    proxyName="jira.example.com"
    proxyPort="443"
/>

It was present on only one, enough to fail later.

Ah, so it was the proxying, but I was guessing that it was Jira not recognising the proxies, rather than the Tomcat! So close...

Nice work finding it!

2 votes

Obscure thought - is one of the nginx servers running on a separate server from the Jira it is proxying?

If it is, can you try adding that server as a trusted host/application as well as the remote Jira server?

I've seen this when running Jira/Apache on Server 1, Confluence on Server 2, but proxied through Apache on Server 3 - we needed to add Server 3 to the Jira on server 1 as a trusted application as well as the Confluence.

Both nginx servers are running on the same machines as the jira instances.

Note: if you take a look at the logs you will see two strange things:

Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"}

#1 why oauth? it was not configured

#2 why http and not HTTPS, the server cannot work onver HTTP, both of them are configured with base url https://...

I even tries to remove the two links and recreate them, still the realm is using http and not https, which seems like a good reason to fail.

We solved this issue by replacing connector in jetty.xml to ajp and by changing settings of apache proxy

#ProxyPass / http://127.0.0.1:8085/
     ProxyPass / ajp://127.0.0.1:8009/

More information about enabling AJP in bamboo:

https://confluence.atlassian.com/pages/viewpage.action?pageId=179447039

Regards,

Stanislav Filippov

NATIVE INSTRUMENTS GmbH

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,316 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot