Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira with Azure AD Application Proxy

Edited

Hi

We're having some issues with a specific setup where we use Azure AD Application Proxy to allow all users to access the Jira site without VPN by first logging into Azure AD.

  1. Users browse to jira.mysite.com
  2. User is prompted to login to Azure AD
  3. User is forwarded to Jira
  4. User can login to Jira or access company "public" data without logging in to Jira itself (they would not be able to access Jira without logging into the proxy, so we have confirmed they are employees).

This all works fine except for some specific cases.

  • Gadgets on dashboards have their titles/configuration to say _MSG_Gadget_... because Jira accesses itself to fill these in
  • REST API calls to Jira (from within Jira via groovy scripts) fail as they use the Base URL which points to jira.mysite.com as they are prompted to login (I think this is the problem)
  • Possibly other issues regarding the system making calls to itself

The Azure Proxy is setup as follows: jira.mysite.com (external URL) directs to the proxy which directs to jira.mysite.internal (Internal URL) which points to the IP of the server. All users should access the Jira via the jira.mysite.com and not use the internal URL.

Is there a way to tell Jira not to go to jira.mysite.com but directly to itself as in the IP address to load gadgets, and all the other cool stuff?

I tried changing the /etc/hosts file on Linux to point jira.mysite.com to the IP address of itself, but that doesn't seem to do anything for the gadgets.

Anyone have experience with this or an idea of how to approach this?

Thanks in advance8

2 answers

1 accepted

0 votes
Answer accepted

For those interested, we've managed to resolve this problem by using the following setup:

  • We are using a split DNS setup, meaning that the URL is both registered publicly, but from within the local company network, we use a different DNS pointing the URL directly to the server, instead of to the Azure Proxy.
  • E.g.: https://jira.mysite.com on a public network will access public DNS and direct to the Azure proxy. However internally the local DNS will handle the request and point to the server for the same URL.
  • On the Jira server we have an apache proxy handling the incoming requests (of both the azure traffic and the internal network traffic)
  • As Jira is hosted on a server within the local network, it will use the local DNS and be directed directly to it's own server --> gadgets work

Generally we still advise our users to use the company VPN for optimal experience. If the don't, they need to keep the following into account:

  • Communication breakdown errors can happen when the azure authentication token expires as Jira does not refresh these in the background. If you have pages open for extended periods of time and try to do actions, it will throw an error. A simple refresh is the solution
  • Traffic is slightly slower
  • Confluence specifically --> Atlassian Companion app does not work via the proxy

Hey mate - this is literally a nightmare.  We have been through it.  Contact me on LinkedIn https://au.linkedin.com/in/davidclarke08 and ill help you.

Hi David,

Thanks for the reply. I've sent you an invite on LinkedIn, but in regards to the problem, we've already been able to fix it. (But yes, it was indeed a nightmare :D )

Thanks though! I'll post a comment with our approach below.

Kind regards
Jorden

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you