Failed to login trusted application: jira:xxxx due to bad URL signature.

I am not able to link between two Jira instances, even if the application links are well established:

SRC Jira: In/Out Authentication setup to Trusted App (OAuth and Basic are disabled)

DST Jira: In/Out Authentication setup to Trusted App (OAuth and Basic are disabled)

Source JIRA:
2012-10-04 14:55:23,293 http-8080-2 WARN sorins 895x23715x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/SelectTargetProjectAction.jspa [apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2012-10-04 14:55:24,160 http-8080-2 WARN sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [apache.commons.httpclient.HttpMethodDirector] Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"}
2012-10-04 14:55:24,160 http-8080-2 ERROR sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [atlassian.cpji.action.CopyDetailsAction] Authentication failed.
com.atlassian.cpji.rest.UnauthorizedResponseException
	at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:128)
	at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:118)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:88)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166)
	at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:307)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:85)
	....
Destination JIRA:
2012-10-04 15:48:06,281 http-8080-3 WARN anonymous 948x453x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/plugininfo [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.
2012-10-04 15:48:07,156 http-8080-3 WARN anonymous 948x454x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/copyissue/issueTypeInformation/ZZ [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.

Both jira instances are using HTTPS and are behind nginx, nginx providing the HTTPS layer.

How to solve the problem?

3 answers

1 accepted


I solved this by adding these to both server.xml files:

<Connector port="8080"
    ...
    scheme="https"
    proxyName="jira.example.com"
    proxyPort="443"
/>

It was present on only one, enough to fail later.

Ah, so it was the proxying, but I was guessing that it was Jira not recognising the proxies, rather than the Tomcat! So close...

Nice work finding it!
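
Added example (not part of the original thread and not Atlassian's code): a simplified model of why the connector attributes in the accepted answer matter when the receiving side checks a signature over the URL it reconstructs. It assumes an HMAC with a constructed key as a stand-in for the real Trusted Applications signature, a constructed `Host` header of `jira.example.com`, and hypothetical helper names throughout.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed connector snippets; the proxy attributes mirror the answer above.
BARE = '<Connector port="8080" protocol="HTTP/1.1"/>'
PROXIED = ('<Connector port="8080" protocol="HTTP/1.1" scheme="https" '
           'proxyName="jira.example.com" proxyPort="443"/>')
DEMO_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the real signature
PATH = "/rest/copyissue/latest/plugininfo"  # request path taken from the logs above


def missing_proxy_attrs(connector_xml):
    """List the proxy attributes a connector behind a TLS proxy still lacks."""
    conn = ET.fromstring(connector_xml)
    return [a for a in ("scheme", "proxyName", "proxyPort") if conn.get(a) is None]


def url_seen_by_tomcat(connector_xml, host_header, path):
    """Simplified model of how the container rebuilds the request URL."""
    conn = ET.fromstring(connector_xml)
    scheme = conn.get("scheme", "http")          # Tomcat's default scheme is http
    host, _, host_port = host_header.partition(":")
    name = conn.get("proxyName") or host         # proxyName overrides the Host name
    default_port = "443" if scheme == "https" else "80"
    port = conn.get("proxyPort") or host_port or default_port
    netloc = name if port == default_port else f"{name}:{port}"
    return f"{scheme}://{netloc}{path}"


def sign(url):
    """Caller side: sign the URL it actually requested."""
    return hmac.new(DEMO_KEY, url.encode(), hashlib.sha256).hexdigest()


def verify(connector_xml, host_header, path, signature):
    """Receiver side: re-sign the URL it believes was requested and compare."""
    expected = sign(url_seen_by_tomcat(connector_xml, host_header, path))
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    sig = sign("https://jira.example.com" + PATH)
    for label, cfg in (("bare", BARE), ("proxied", PROXIED)):
        print(label, missing_proxy_attrs(cfg),
              url_seen_by_tomcat(cfg, "jira.example.com", PATH),
              verify(cfg, "jira.example.com", PATH, sig))
```

Running `missing_proxy_attrs` over the `<Connector>` element of each instance's server.xml catches the case described above, where the attributes were present on only one side.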


Obscure thought - is one of the nginx servers running on a separate server from the Jira it is proxying?

If it is, can you try adding that server as a trusted host/application as well as the remote Jira server?

I've seen this when running Jira/Apache on Server 1, Confluence on Server 2, but proxied through Apache on Server 3 - we needed to add Server 3 to the Jira on server 1 as a trusted application as well as the Confluence.

Both nginx servers are running on the same machines as the jira instances.

Note: if you take a look at the logs you will see two strange things:

Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"}

#1 why oauth? it was not configured

#2 why http and not HTTPS, the server cannot work over HTTP, both of them are configured with base url https://...

I even tried to remove the two links and recreate them, still the realm is using http and not https, which seems like a good reason to fail.


We solved this issue by replacing the connector in jetty.xml with AJP and by changing the settings of the Apache proxy:

#ProxyPass / http://127.0.0.1:8085/
ProxyPass / ajp://127.0.0.1:8009/

More information about enabling AJP in Bamboo:

https://confluence.atlassian.com/pages/viewpage.action?pageId=179447039

Regards,

Stanislav Filippov

NATIVE INSTRUMENTS GmbH
