I am not able to link between two Jira instances, even if the application links are well established:
SRC Jira: In/Out Authentication setup to Trustes App (OAuth and Basic are disabled)
DST Jira: In/Out Authentication setup to Trustes App (OAuth and Basic are disabled)
Source JIRA:
2012-10-04 14:55:23,293 http-8080-2 WARN sorins 895x23715x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/SelectTargetProjectAction.jspa [apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended. 2012-10-04 14:55:24,160 http-8080-2 WARN sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [apache.commons.httpclient.HttpMethodDirector] Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"} 2012-10-04 14:55:24,160 http-8080-2 ERROR sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [atlassian.cpji.action.CopyDetailsAction] Authentication failed. com.atlassian.cpji.rest.UnauthorizedResponseException at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:128) at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:118) at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:88) at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166) at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:307) at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161) at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:85) ....
Destination JIRA:
2012-10-04 15:48:06,281 http-8080-3 WARN anonymous 948x453x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/plugininfo [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature. 2012-10-04 15:48:07,156 http-8080-3 WARN anonymous 948x454x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/copyissue/issueTypeInformation/ZZ [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.
Both jira instances are using HTTPS and are behind nginx, nginx providing the HTTPS layer.
How to solve the problem?
I solved this by adding these to both server.xml files:
<Connector port="8080" ... scheme="https" proxyName="jira.example.com" proxyPort="443" />
It was present on only one, enough to fail later.
Ah, so it was the proxying, but I was guessing that it was Jira not recognising the proxies, rather than the Tomcat! So close...
Nice work finding it!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Obscure thought - is one of the nginx servers running on a separate server from the Jira it is proxying?
If it is, can you try adding that server as a trusted host/application as well as the remote Jira server?
I've seen this when running Jira/Apache on Server 1, Confluence on Server 2, but proxied through Apache on Server 3 - we needed to add Server 3 to the Jira on server 1 as a trusted application as well as the Confluence.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Both nginx servers are running on the same machines as the jira instances.
Note: if you take a look at the logs you will see two strange things:
Unable to respond to any of these challenges: {oauth=OAuth realm=
"http%3A%2F%2Fjira-test.uk.xensource.com"
}
#1 why oauth? it was not configured
#2 why http and not HTTPS, the server cannot work onver HTTP, both of them are configured with base url https://...
I even tries to remove the two links and recreate them, still the realm is using http and not https, which seems like a good reason to fail.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We solved this issue by replacing connector in jetty.xml to ajp and by changing settings of apache proxy
#ProxyPass / http://127.0.0.1:8085/ ProxyPass / ajp://127.0.0.1:8009/
More information about enabling AJP in bamboo:
https://confluence.atlassian.com/pages/viewpage.action?pageId=179447039
Regards,
Stanislav Filippov
NATIVE INSTRUMENTS GmbH
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.