Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA 5.1.3 and Juniper IVE (Instant Virtual Extranet)

Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 10, 2012

Hi,

This is a long shot, but is anyone using JIRA 5.1.x with Juniper IVE for extranet access to JIRA?

After upgrading to JIRA 5.1.3 we're seeing an issue with Rapid Boards where a security exception is being thrown that is resulting in a blank page being displayed rather than the rapid board. The error being thrown is:

Security Error: Content at https://<juniper ive url>/secure/,DanaInfo=<jira url>,Port=8080+RapidBoard.jspa?rapidView=20&useStoredSettings=true may not load data from http://<jira url>:8080/secure/RapidBoard.jspa?rapidView=20.

so it looks like there's javascript being delivered to the client browser via the Juniper IVE url that contains calls to the backend JIRA url which are triggering some sort of cross site scripting protection.

Direct access to the rapid boards is all working fine, it's just when users are accessing via Juniper IVE that this problem is being reported.

If anyone is using Juniper IVE is there a setting to tell it to rewrite the URLs?

Cheers,

Andrew.

Answer
Watch
Like # people like this
1438 views

5 answers

1 accepted

0 votes
Answer accepted
Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 11, 2013
We finally got a fix for this which required an upgrade of Juniper. Apparently Juniper cold not handle rewriting the HTML5 used by Rapid Boards, but an upgrade to 7.4R2 (build 24401), which had a specific fix for HTML5 rewriting, has fixed the issue.
Reply
0 votes
Jack Tsang
Jack Tsang March 25, 2013

I am also running into this issue since upgrading to Jira 5. I tried using updated the JIRA base URL with the fully qualified domain name and I still run into issues with the issue navigator and Green Hopper.


Any suggestions for things to try would be appreciated.

View More Comments
Jack Tsang
Jack Tsang January 22, 2014

Our IT dept upgraded the firmware to Juniper 8.0R1 recently and it resolved this issue. Thanks Andrew for the solution.

Like
Reply
0 votes
Kerem Caglar [Solveka]
Kerem Caglar [Solveka]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 12, 2013

Hi,

Anybody who have resolved this issue without changing JIRA base URL?

Kerem

Reply
0 votes
Bastian Hammerer
Bastian Hammerer December 17, 2012

Hi,

We are using jira behind juniper sa too. And got the same errors.

We tried to rewrite the js scripts or use proxy mode / proxy server, but no chance to get running properly.

It would be nice to get Jira running properly behind SSL-VPN's like Juniper SA.

For us it is not an option to change the fqdn in Jira.

The dashboard with the gadgets and issue navigator and project view are working fine. Only the Agile and Rapidboard stuff does not working fine.

Thanks,

Reply
0 votes
LucasA
LucasA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 10, 2012

Hi Andrew,

This error happens often when JIRA is running behind a proxy (not necessarily Juniper IVE). Would you make sure that the JIRA Base URL is set accordingly the FQDN from IVE?

Best regards,
Lucas Timm

View More Comments
Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 10, 2012

Hi Lucas,

Ah, that makes sense, but I think that may break things for people who are not accessing via IVE? The majority of our users access JIRA directly using <JIRA url>, but a small number access via IVE using <IVE url>. If I change the base URL to <IVE url> that's going to break things for people accessing directly isn't it?

Cheers,

Andrew.

Like
LucasA
LucasA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 10, 2012

Andrew,

The answer for your question depends a lot of your internal environment.
Setting the JIRA BaseURL to the IVE's FQDN will enforce JIRA to lookup its internal references over IVE. If you have some user which are currently browsing JIRA through the direct URL but have no access to IVE, they will see many misbehaviors in JIRA (in dashboard, gadgets, etc).

Best regards,
Lucas Timm

Like
Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 11, 2012
Thanks Lucas. Brain not functioning correctly today :/ Was told everything was working with current config on 4.4.4, but broke with 5.1.3 now I'm not so sure. More testing at my end I think.
Like
Andrew Frayling
Andrew Frayling
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 11, 2012

Brain slightly more in gear, but I don't think changing the Base URL is going to work for this. With Juniper IVE the URLs are of the form:

https://portal.mycompany.com/secure/,DanaInfo=jira.mycompany.com,Port=8080+Dashboard.jspa

i.e. the URL, port and path are parameters to the Juniper IVE URL rather than Juniper just masking the backend hostname.

With the base URL set to jira.mycompany.com Juniper is correctly rewriting *most* of the URLs to the portal.mycompany.com/secure/,DanaInfo.... format, but for the URLs on the Agile boards that are triggering the security error it's re-writing them as:

https://portal.mycompany.com/s/en_USozt91j/782/12/ce494a197ed0b0eae57d6525479972de/_/download/contextbatch/js/gh-rapid/,DanaInfo=jira.mycompany.com,Port=8080,CT=js+batch.js

rather than:

https://portal.mycompany.com/secure/,DanaInfo=jira.mycompany.com,Port=8080+s/en_USozt91j/782/12/ce494a197ed0b0eae57d6525479972de/_/download/contextbatch/js/gh-rapid/batch.js

i.e. it's sticking the path to batch.js in the wrong place.

More digging to find out if there's a pattern to URLs it rewrites correctly and ones it doesn't.

Andrew.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events