Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problem with user authentication from Bitbacket to Jira

Vitaliy
Vitaliy October 19, 2017

Jira are using as authentication server for Bitbacket. But recently we redirect all traffic to Jira to https. So now users cant authenticate in Bitbacket. Jira base url and server url for Crowd server are the same https://jira.mydomain.com. Application name and password are correct. In Jira white list Bitbacket added. And Bitbacket and Jira have working certificates and accessible by https. But when i testing server setting for connecting to Crowd server i getting error

Connection test failed. Response from the server:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

As I understand there are some problem with certificates but I dont get how to fix it...

Answer
Watch
Like Be the first to like this
667 views

1 answer

1 accepted

0 votes
Answer accepted
Boris Berenberg - Atlas Authority
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 19, 2017

You need to add Jira’s certificate to the Bitbucket Java Truststore. Basically this but from BB https://confluence.atlassian.com/adminjiraserver075/connecting-to-ssl-services-935391760.html

View More Comments
Vitaliy
Vitaliy October 20, 2017

Added certificate but now i`m getting error 

Connection test failed. Response from the server:
com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate

 For testing i create a new application in Jira user server,  and even turned off white list. But when i creating new user directory in Bitbacket with 100% right name and password i still getting the same error. 

But we have apache before jira, i think its  all about him... Probably the best idea will be to create a new instance and configure Jira with tomcat without any other proxy

Like
Boris Berenberg - Atlas Authority
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 20, 2017

It’s much better using a proxy in front. Changing to using Tomcat to terminte SSL won’t help since the problem was on the consuming end.

If you look at the new error, it’s no longer a Java certificate error, this is Jira rejecting the auth attempt.

Do you see an error in the Jira logs? Try putting 0.0.0.0 /0 for the IP of Confluence in Jira. Are you putting in Jira’s IP into Confluence or the hostname? If it’s the IP is it the IP of Apache or direct to Jira? If it’s the IP try switching to hostname since Apache is likely doing name based routing.

Like
Vitaliy
Vitaliy October 20, 2017

Thanks  a lot! You was right with 0.0.0.0 /0 in IP of Jira user server. Its working now.

And i had a Jira hostname in Bitbacket.

But why I shouldn't use tomcat instead of apache? It also can be configured for ssl.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events