Crowd SSO and JIRA does not allow me to login to JIRA

Jerome Taylor March 28, 2013

I am able to configure JIRA 5.x and Fisheye 2.8.x to use Crowd 2.6.x for user authenication, which allows me to login to both applicatins.

When I turn on SSO for Fisheye I can still login to Fisheye.

When i turn on SSO for JIRA based on these instructions https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+JIRA I can not login to JIRA.

Here is the log entires from crowd after SSO is enabled in JIRA:

2013-03-29 12:37:50,771 http-8095-10 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Authenticating user: ht1792
2013-03-29 12:37:50,775 http-8095-10 DEBUG [atlassian.crowd.directory.SpringLDAPConnector] Performing user search: baseDN = dc=itservices,dc=sbc,dc=com - filter = (&(&(objectCategory=Person)(sAMAccountName=*))(sAMAccountName=ht1792))
2013-03-29 12:37:51,228 http-8095-10 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] generateUserToken: user ht1792
2013-03-29 12:37:51,229 http-8095-10 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: ht1792
2013-03-29 12:37:51,229 http-8095-10 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: ht1792
2013-03-29 12:37:51,230 http-8095-10 DEBUG [crowd.dao.token.TokenDAOHibernate] Updating object: Token{identifierHash='gEECB0AxG4M0O75ApfqYEg00', lastAccessedTime=1364578671230, createdDate=2013-03-29 11:51:31.261, duration=null, name='ht1792', directoryId=32771}
2013-03-29 12:37:51,230 http-8095-10 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] User <ht1792> has access to the application <itracktest>

Any help would be appricated.

3 answers

1 accepted

0 votes
Answer accepted
Jerome Taylor April 11, 2013

I check all three configuration and it all looks good.

I can get crowd to authentication users for JIRA and Fisheye (SSO disable for JIRA).

The problem is when I edit the file seraph-config.xml to enable SSO for JIRA. I cannot log into JIRA anymore.

Fisheye url - http://icode.test.att.com/</span<>>

JIRA url - http://scm.test.att.com:8071/

Crowd SSO domain - .test.att.com

Not sure what I am doing wrong.


0 votes
William Zanchet [Atlassian]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 4, 2013

Jerome,

1. What are the URLs being used to access each application?
2. What is the [SSO Domain|http://confluence.atlassian.com/display/CROWD/Domain] value stored in Crowd?
3. Are both applications using the Crowd authenticator at their *WEB-INF/classes/seraph-config.xml* files? Are all the configuration inside *crowd.properties* correct?
4. How many Directories are assigned to each application in Crowd? If more than one, are they in the exact same [order|http://confluence.atlassian.com/display/CROWD/Specifying+the+Directory+Order+for+an+Application]?
5. Are proxy servers being used between Crowd and the applications? If so, please add their IP addresses to the [Trusted Proxy Servers list|http://confluence.atlassian.com/display/CROWD/Configuring+Trusted+Proxy+Servers] in Crowd

Cheers,

WZ

0 votes
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 29, 2013

Hi Jerome,

For this kind of issue since you have confirmed that disabling the SSO allow your JIRA integration to work hence the issue might be caused by SSO configuration or environmental issue. Please double check the following configuration:

  • JIRA's crowd.properties
  • Ensure that your SSO domain is configured correctly
  • Check if there are any proxy in between JIRA and Crowd that might messed up the SSO cookies

Hope it helps.

Cheers,
Septa Cahyadiputra

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events