Problem with user authentication from Bitbacket to Jira

Jira are using as authentication server for Bitbacket. But recently we redirect all traffic to Jira to https. So now users cant authenticate in Bitbacket. Jira base url and server url for Crowd server are the same https://jira.mydomain.com. Application name and password are correct. In Jira white list Bitbacket added. And Bitbacket and Jira have working certificates and accessible by https. But when i testing server setting for connecting to Crowd server i getting error

Connection test failed. Response from the server:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

As I understand there are some problem with certificates but I dont get how to fix it...

1 answer

1 accepted

You need to add Jira’s certificate to the Bitbucket Java Truststore. Basically this but from BB https://confluence.atlassian.com/adminjiraserver075/connecting-to-ssl-services-935391760.html

Added certificate but now i`m getting error 

Connection test failed. Response from the server:
com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate

 For testing i create a new application in Jira user server,  and even turned off white list. But when i creating new user directory in Bitbacket with 100% right name and password i still getting the same error. 

But we have apache before jira, i think its  all about him... Probably the best idea will be to create a new instance and configure Jira with tomcat without any other proxy

It’s much better using a proxy in front. Changing to using Tomcat to terminte SSL won’t help since the problem was on the consuming end.

If you look at the new error, it’s no longer a Java certificate error, this is Jira rejecting the auth attempt.

Do you see an error in the Jira logs? Try putting 0.0.0.0 /0 for the IP of Confluence in Jira. Are you putting in Jira’s IP into Confluence or the hostname? If it’s the IP is it the IP of Apache or direct to Jira? If it’s the IP try switching to hostname since Apache is likely doing name based routing.

Thanks  a lot! You was right with 0.0.0.0 /0 in IP of Jira user server. Its working now.

And i had a Jira hostname in Bitbacket.

But why I shouldn't use tomcat instead of apache? It also can be configured for ssl.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Jira Service Desk

Wy are we still using email for Service Desk workflows?

...attest to the experience of an urgent approval that gets lost in the boss’s inbox and requires that special “Please Approve” email or text message. In an age where we have distributed teams...

103 views 0 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you