Failed to login trusted application: jira:xxxx due to bad URL signature.

Sorin Sbarnea (Citrix)
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 3, 2012

I am not able to link between two Jira instances, even if the application links are well established:

SRC Jira: In/Out Authentication setup to Trusted App (OAuth and Basic are disabled)

DST Jira: In/Out Authentication setup to Trusted App (OAuth and Basic are disabled)

Source JIRA:
2012-10-04 14:55:23,293 http-8080-2 WARN sorins 895x23715x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/SelectTargetProjectAction.jspa [apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
2012-10-04 14:55:24,160 http-8080-2 WARN sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [apache.commons.httpclient.HttpMethodDirector] Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"}
2012-10-04 14:55:24,160 http-8080-2 ERROR sorins 895x23716x1 f7ng5e 62.200.22.2,127.0.0.1 /secure/CopyDetailsAction.jspa [atlassian.cpji.action.CopyDetailsAction] Authentication failed.
com.atlassian.cpji.rest.UnauthorizedResponseException
	at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:128)
	at com.atlassian.cpji.action.CopyDetailsAction$1.handle(CopyDetailsAction.java:118)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:88)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:166)
	at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:307)
	at com.atlassian.plugins.rest.module.jersey.JerseyRequest.executeAndReturn(JerseyRequest.java:161)
	at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor.execute(ApplicationLinkRequestAdaptor.java:85)
	....
Destination JIRA:
2012-10-04 15:48:06,281 http-8080-3 WARN anonymous 948x453x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/plugininfo [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.
2012-10-04 15:48:07,156 http-8080-3 WARN anonymous 948x454x1 - 172.16.24.143,10.80.225.83,127.0.0.1 /rest/copyissue/latest/copyissue/issueTypeInformation/ZZ [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] Failed to login trusted application: jira:8750805 due to bad URL signature.

Both jira instances are using HTTPS and are behind nginx, nginx providing the HTTPS layer.

How to solve the problem?

3 answers

1 accepted

6 votes
Answer accepted
Sorin Sbarnea (Citrix)
October 3, 2012

I solved this by adding these to both server.xml files:

<Connector port="8080"
    ...
    scheme="https"
    proxyName="jira.example.com"
    proxyPort="443"
/>

It was present on only one, enough to fail later.

Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 3, 2012

Ah, so it was the proxying, but I was guessing that it was Jira not recognising the proxies, rather than the Tomcat! So close...

Nice work finding it!
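The accepted answer above only works when both instances carry the same three Connector attributes. As an added example (not part of the original thread, and not Atlassian or Tomcat code), this Python check parses a server.xml and reports every HTTP connector whose scheme, proxyName or proxyPort does not match the instance's public base URL; the sample files and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: instance that already has the proxy attributes.
GOOD_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" scheme="https"
               proxyName="jira.example.com" proxyPort="443"/>
  </Service>
</Server>"""

# Constructed sample: second instance where the attributes were never added.
BAD_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>"""


def expected_proxy_attrs(base_url):
    """Derive the Connector attributes implied by the public base URL."""
    parts = urlsplit(base_url)
    default_port = 443 if parts.scheme == "https" else 80
    return {
        "scheme": parts.scheme,
        "proxyName": parts.hostname,
        "proxyPort": str(parts.port or default_port),
    }


def audit_connectors(server_xml, base_url):
    """Return (connector port, attribute, found, expected) per mismatch."""
    expected = expected_proxy_attrs(base_url)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # AJP connectors receive the original host and scheme from the
        # front-end proxy, so they are skipped here.
        if conn.get("protocol", "").upper().startswith("AJP"):
            continue
        for attr, want in expected.items():
            found = conn.get(attr)  # None when the attribute is absent
            if (found or "").lower() != want.lower():
                findings.append((conn.get("port"), attr, found, want))
    return findings


if __name__ == "__main__":
    for name, xml in (("good", GOOD_SERVER_XML), ("bad", BAD_SERVER_XML)):
        print(name, audit_connectors(xml, "https://jira.example.com"))
```

Run it against the server.xml of each linked instance with that instance's own base URL; an empty list on both sides means the connectors agree with the URLs the application links use.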

2 votes
Nic Brough -Adaptavist-
October 3, 2012

Obscure thought - is one of the nginx servers running on a separate server from the Jira it is proxying?

If it is, can you try adding that server as a trusted host/application as well as the remote Jira server?

I've seen this when running Jira/Apache on Server 1, Confluence on Server 2, but proxied through Apache on Server 3 - we needed to add Server 3 to the Jira on server 1 as a trusted application as well as the Confluence.

Sorin Sbarnea (Citrix)
October 3, 2012

Both nginx servers are running on the same machines as the jira instances.

Note: if you take a look at the logs you will see two strange things:

Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Fjira-test.uk.xensource.com"}

#1 why oauth? it was not configured

#2 why http and not HTTPS, the server cannot work over HTTP, both of them are configured with base url https://...

I even tried to remove the two links and recreate them, still the realm is using http and not https, which seems like a good reason to fail.

0 votes
Stanislav Filippov November 14, 2012

We solved this issue by replacing the connector in jetty.xml with AJP and by changing the settings of the Apache proxy:

#ProxyPass / http://127.0.0.1:8085/
ProxyPass / ajp://127.0.0.1:8009/

More information about enabling AJP in Bamboo:

https://confluence.atlassian.com/pages/viewpage.action?pageId=179447039

Regards,

Stanislav Filippov

NATIVE INSTRUMENTS GmbH
