Problem with user authentication from Bitbacket to Jira

Jira are using as authentication server for Bitbacket. But recently we redirect all traffic to Jira to https. So now users cant authenticate in Bitbacket. Jira base url and server url for Crowd server are the same https://jira.mydomain.com. Application name and password are correct. In Jira white list Bitbacket added. And Bitbacket and Jira have working certificates and accessible by https. But when i testing server setting for connecting to Crowd server i getting error

Connection test failed. Response from the server:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

As I understand there are some problem with certificates but I dont get how to fix it...

1 answer

1 accepted

Accepted Answer
0 votes
Boris Berenberg Community Champion Oct 19, 2017

You need to add Jira’s certificate to the Bitbucket Java Truststore. Basically this but from BB https://confluence.atlassian.com/adminjiraserver075/connecting-to-ssl-services-935391760.html

Added certificate but now i`m getting error 

Connection test failed. Response from the server:
com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate

 For testing i create a new application in Jira user server,  and even turned off white list. But when i creating new user directory in Bitbacket with 100% right name and password i still getting the same error. 

But we have apache before jira, i think its  all about him... Probably the best idea will be to create a new instance and configure Jira with tomcat without any other proxy

Boris Berenberg Community Champion Oct 20, 2017

It’s much better using a proxy in front. Changing to using Tomcat to terminte SSL won’t help since the problem was on the consuming end.

If you look at the new error, it’s no longer a Java certificate error, this is Jira rejecting the auth attempt.

Do you see an error in the Jira logs? Try putting 0.0.0.0 /0 for the IP of Confluence in Jira. Are you putting in Jira’s IP into Confluence or the hostname? If it’s the IP is it the IP of Apache or direct to Jira? If it’s the IP try switching to hostname since Apache is likely doing name based routing.

Thanks  a lot! You was right with 0.0.0.0 /0 in IP of Jira user server. Its working now.

And i had a Jira hostname in Bitbacket.

But why I shouldn't use tomcat instead of apache? It also can be configured for ssl.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 18, 2018 in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

20,618 views 2 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you