OAuth fails when linking Jira and Confluence over SSL

I'm trying to link Jira (v6.0.7) and Confluence (v5.2.3) together over https. Jira runs on its own server on port 6443 over https, Confluence runs on its own server on port 6543 over https. Both servers are in the same domain and do not have a proxy between them. I can successfully establish an application link between Jira and Confluence. The certificates are correctly installed and I also created a project link. But when I try to link Jira issues to Confluence or a Confluence page to Jira, it doesn't work. When I look at my application link, it says that the "application link seems to be offline". I also cannot configure incoming authentications because of a missing XSRF-Form Token. However, when I switch Jira and Confluence to http, everything works as expected.

I have the following output in the log files:

Jira-log:

2013-09-05 15:03:56,241 http-bio-6443-exec-1 WARN mramprecht 903x201x1 wlcy6m 172.21.101.96 /plugins/servlet/applinks/listApplicationLinks [atlassian.applinks.ui.BatchedJSONi18NBuilderFactory] Duplicate i18n entry for key 'applinks.auth.provider.com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider'

2013-09-05 15:13:16,045 pool-5-thread-8 WARN mramprecht 913x225x1 wlcy6m 172.21.101.96 /rest/applinks/1.0/listApplicationlinks [apache.commons.httpclient.SimpleHttpConnectionManager] SimpleHttpConnectionManager being used incorrectly. Be sure that HttpMethod.releaseConnection() is always called and that only one thread and/or method is using this connection manager at a time.

2013-09-05 15:13:18,822 http-bio-6443-exec-17 WARN mramprecht 913x230x2 wlcy6m 172.21.101.96 /rest/applinks/1.0/permission/reciprocate-application-delete/58fb70e1-1479-3d90-a488-5464d10bf7c4 [apache.commons.httpclient.HttpMethodDirector] Unable to respond to any of these challenges: {oauth=OAuth realm="https%3A%2F%2Fconfluence.ktn.gv.at%3A6543"}

2013-09-05 15:13:18,823 http-bio-6443-exec-17 WARN mramprecht 913x230x2 wlcy6m 172.21.101.96 /rest/applinks/1.0/permission/reciprocate-application-delete/58fb70e1-1479-3d90-a488-5464d10bf7c4 [applinks.core.rest.PermissionResource] Authentication failed for application link Confluence (58fb70e1-1479-3d90-a488-5464d10bf7c4) https://confluence.ktn.gv.at:6543 com.atlassian.applinks.application.confluence.ConfluenceApplicationTypeImpl@7f0b4e. Response headers: {WWW-Authenticate=OAuth realm="https%3A%2F%2Fconfluence.ktn.gv.at%3A6543", Date=Thu, 05 Sep 2013 13:13:18 GMT, Vary=Accept, Content-Length=174, Expires=Thu, 01 Jan 1970 01:00:00 CET, X-Seraph-Trusted-App-Error=BAD_SIGNATURE;Bad signature for URL: {0};["https://confluence.ktn.gv.at/rest/applinks/1.0/permission/delete-application/d5769c27-0a3f-3709-8aab-197d79378ac3"], X-Seraph-Trusted-App-Status=ERROR, Connection=close, Content-Type=application/xml, Server=Apache-Coyote/1.1, Cache-Control=no-transform, Pragma=No-cache} body: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>

2013-09-05 15:13:19,760 http-bio-6443-exec-25 WARN mramprecht 913x231x1 wlcy6m 172.21.101.96 /rest/applinks/1.0/applicationlink/58fb70e1-1479-3d90-a488-5464d10bf7c4 [atlassian.streams.internal.ActivityProviderConnectionMonitorImpl] Application links were updated. Flushing the reachable activity provider cache.

2013-09-05 15:16:41,987 http-bio-6443-exec-14 INFO mramprecht 916x246x1 1vyud2x 172.21.100.53 /plugins/servlet/applinks/auth/conf/trusted/autoconfig/58fb70e1-1479-3d90-a488-5464d10bf7c4 [security.auth.trustedapps.DefaultTrustedApplicationManager] mramprecht is storing TrustedApplication: 0 applicationId: confluence:5831536

Confluence-log:

2013-09-05 15:13:18,857 WARN [http-6543-3] [auth.trustedapps.filter.TrustedApplicationFilterAuthenticator] authenticate Failed to login trusted application: jira:13989532 due to bad URL signature.

2013-09-05 15:13:39,044 WARN [http-6543-5] [atlassian.applinks.ui.BatchedJSONi18NBuilderFactory] put Duplicate i18n entry for key 'applinks.auth.provider.com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider'

-- referer: https://confluence.ktn.gv.at:6543/plugins/servlet/upm | url: /admin/listapplicationlinks.action | userName: mramprecht | action: listapplicationlinks

2013-09-05 15:13:39,044 WARN [http-6543-5] [atlassian.applinks.ui.BatchedJSONi18NBuilderFactory] put Duplicate i18n entry for key 'applinks.auth.provider.com.atlassian.applinks.api.auth.types.OAuthAuthenticationProvider'

2013-09-05 15:13:39,606 WARN [pool-4-thread-6] [apache.commons.httpclient.SimpleHttpConnectionManager] getConnectionWithTimeout SimpleHttpConnectionManager being used incorrectly. Be sure that HttpMethod.releaseConnection() is always called and that only one thread and/or method is using this connection manager at a time.

2013-09-05 15:13:42,086 WARN [http-6543-2] [apache.commons.httpclient.HttpMethodDirector] processWWWAuthChallenge Unable to respond to any of these challenges: {oauth=OAuth realm="https%3A%2F%2Fjira.ktn.gv.at"}

-- referer: https://confluence.ktn.gv.at:6543/admin/listapplicationlinks.action | url: /rest/applinks/1.0/permission/reciprocate-application-delete/d5769c27-0a3f-3709-8aab-197d79378ac3 | userName: mramprecht

2013-09-05 15:13:42,086 WARN [http-6543-2] [applinks.core.rest.PermissionResource] handle Authentication failed for application link Jira (d5769c27-0a3f-3709-8aab-197d79378ac3) https://jira.ktn.gv.at:6443 com.atlassian.applinks.application.jira.JiraApplicationTypeImpl@13df228. Response headers: {WWW-Authenticate=OAuth realm="https%3A%2F%2Fjira.ktn.gv.at", Content-Length=174, Set-Cookie=atlassian.xsrf.token=BIK1-W8T6-H0MB-EHWX|490a9158438f55cfa86cc255fd4fb69bc1252e07|lout; Path=/, X-Seraph-Trusted-App-Error=APP_UNKNOWN;Unknown Application: {0};["confluence:5831536"], Connection=close, X-AUSERNAME=anonymous, Server=Apache-Coyote/1.1, Cache-Control=no-transform, Vary=Accept, Date=Thu, 05 Sep 2013 13:13:41 GMT, X-Seraph-Trusted-App-Status=ERROR, Content-Type=application/xml;charset=UTF-8, X-AREQUESTID=913x238x1} body: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><status><status-code>401</status-code><message>Client must be authenticated to access this resource.</message></status>

2013-09-05 15:16:41,883 WARN [http-6543-5] [confluence.extra.jira.DefaultProjectKeyCache] handle No project keys retrieved anonymously from Jira

2 answers

1 accepted

Accepted Answer
2 votes

From your description, it seems like the bug in JRA-34550, which is due to a bug in the Shared Access Layer. Please try the workaround solution for the moment.

Also, have you tried adding this workaround previously? I know that it says reverse proxy, but a quick test wouldn't hurt. :)

Thanks, changing the port helped me out. I'm gonna keep it that way until it gets fixed :)
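
An added example, not part of the original thread: a Python check over abridged copies of two log lines quoted in the question. It compares the origin (scheme, host, port) of the application link URL with the URL named in the `X-Seraph-Trusted-App-Error` header; in the Jira log line the link uses port 6543 while the URL in the BAD_SIGNATURE error carries no port. Function and field names are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: abridged copies of two log lines from the question
# ("..." marks text cut for brevity).
SAMPLE_LOG = "\n".join([
    '2013-09-05 15:13:18,823 http-bio-6443-exec-17 WARN ... [applinks.core.rest.PermissionResource] '
    'Authentication failed for application link Confluence (58fb70e1-1479-3d90-a488-5464d10bf7c4) '
    'https://confluence.ktn.gv.at:6543 com.atlassian... Response headers: {... '
    'X-Seraph-Trusted-App-Error=BAD_SIGNATURE;Bad signature for URL: {0};'
    '["https://confluence.ktn.gv.at/rest/applinks/1.0/permission/delete-application/'
    'd5769c27-0a3f-3709-8aab-197d79378ac3"], X-Seraph-Trusted-App-Status=ERROR ...}',
    '2013-09-05 15:13:42,086 WARN [http-6543-2] [applinks.core.rest.PermissionResource] handle '
    'Authentication failed for application link Jira (d5769c27-0a3f-3709-8aab-197d79378ac3) '
    'https://jira.ktn.gv.at:6443 com.atlassian... Response headers: {... '
    'X-Seraph-Trusted-App-Error=APP_UNKNOWN;Unknown Application: {0};["confluence:5831536"], ...}',
])

LINK_RE = re.compile(
    r'Authentication failed for application link (?P<name>.+?) '
    r'\((?P<id>[0-9a-f-]+)\) (?P<url>https?://\S+)')
ERR_RE = re.compile(
    r'X-Seraph-Trusted-App-Error=(?P<code>[A-Z_]+);[^;]*;\["(?P<arg>[^"]*)"\]')

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, parts.hostname, port

def trusted_app_failures(log_text):
    """List trusted-app auth failures and flag link/error URL origin mismatches."""
    findings = []
    for line in log_text.splitlines():
        link, err = LINK_RE.search(line), ERR_RE.search(line)
        if not (link and err):
            continue
        finding = {"link": link["name"], "code": err["code"],
                   "link_origin": origin(link["url"]),
                   "reported_origin": None, "origin_mismatch": False}
        # Only some error codes carry a URL; APP_UNKNOWN carries an application id.
        if err["arg"].startswith(("http://", "https://")):
            finding["reported_origin"] = origin(err["arg"])
            finding["origin_mismatch"] = (
                finding["reported_origin"] != finding["link_origin"])
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in trusted_app_failures(SAMPLE_LOG):
        print(f)
```
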

I have the same problem trying to establish an application link with Confluence 5.2.3, but with Jira version 5.0.3, both on https, and the symptoms are the same as specified above.

It is possibly worth specifying that I was able to create an application link to the same Jira server (v5.0.3) from FishEye (v3.0.3) and from another Jira server (v5.2.11) as well, both on https and running on the same server as the Confluence instance.

If you find any solution to this problem I'm also interested.
