Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Jira with Azure AD Application Proxy



We're having some issues with a specific setup where we use Azure AD Application Proxy to allow all users to access the Jira site without VPN by first logging into Azure AD.

  1. Users browse to
  2. User is prompted to login to Azure AD
  3. User is forwarded to Jira
  4. User can login to Jira or access company "public" data without logging in to Jira itself (they would not be able to access Jira without logging into the proxy, so we have confirmed they are employees).

This all works fine except for some specific cases.

  • Gadgets on dashboards have their titles/configuration to say _MSG_Gadget_... because Jira accesses itself to fill these in
  • REST API calls to Jira (from within Jira via groovy scripts) fail as they use the Base URL which points to as they are prompted to login (I think this is the problem)
  • Possibly other issues regarding the system making calls to itself

The Azure Proxy is setup as follows: (external URL) directs to the proxy which directs to jira.mysite.internal (Internal URL) which points to the IP of the server. All users should access the Jira via the and not use the internal URL.

Is there a way to tell Jira not to go to but directly to itself as in the IP address to load gadgets, and all the other cool stuff?

I tried changing the /etc/hosts file on Linux to point to the IP address of itself, but that doesn't seem to do anything for the gadgets.

Anyone have experience with this or an idea of how to approach this?

Thanks in advance8

2 answers

1 accepted

1 vote
Answer accepted

For those interested, we've managed to resolve this problem by using the following setup:

  • We are using a split DNS setup, meaning that the URL is both registered publicly, but from within the local company network, we use a different DNS pointing the URL directly to the server, instead of to the Azure Proxy.
  • E.g.: on a public network will access public DNS and direct to the Azure proxy. However internally the local DNS will handle the request and point to the server for the same URL.
  • On the Jira server we have an apache proxy handling the incoming requests (of both the azure traffic and the internal network traffic)
  • As Jira is hosted on a server within the local network, it will use the local DNS and be directed directly to it's own server --> gadgets work

Generally we still advise our users to use the company VPN for optimal experience. If the don't, they need to keep the following into account:

  • Communication breakdown errors can happen when the azure authentication token expires as Jira does not refresh these in the background. If you have pages open for extended periods of time and try to do actions, it will throw an error. A simple refresh is the solution
  • Traffic is slightly slower
  • Confluence specifically --> Atlassian Companion app does not work via the proxy

Hi Jorden,

Thanks for your answer! I am facing the same problem. 

Can you please provide more details regarding the Apache proxy config?

Thanks in advance, 


Hi @afernandes 

We used the documentation from Atlassian:

On the Application Proxy you need to provide a PFX file which holds the details of the certificates that apache proxy is working with. This will make sure that both the application proxy as any other direct traffic is all running securely over SSL.

Kind regards

Like afernandes likes this

Hey mate - this is literally a nightmare.  We have been through it.  Contact me on LinkedIn and ill help you.

Hi David,

Thanks for the reply. I've sent you an invite on LinkedIn, but in regards to the problem, we've already been able to fix it. (But yes, it was indeed a nightmare :D )

Thanks though! I'll post a comment with our approach below.

Kind regards

Suggest an answer

Log in or Sign up to answer