Confluence user management via JIRA failed to authenticate

Admins June 6, 2019


We have fresh self hosted installation of Jira Core 8.2.1 and Confluence 6.15.4 at two separate servers(LXC) with Ubuntu 18.04. Both applications were successfully installed, configured postgresql 9.6 database connection and apache2 http/https proxy. After license input there were configured internal user directories at both application with their own administrator accounts.

We have followed instruction from and in part "Delegate user management to Jira" selected option with instruction

After successfully created Application in "Jira User Server" with "application name"=confluence, secure password and IP of confluence server. We used those credentials in confluence "User Directories" -> added "Attlassian Jira" and tested settings. Problem is that we always get error:

"Connection test failed. Response from the server:
com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate"

We are getting same error if HTTPS proxy via apache2 is used.

Also run test with stopped JIRA service and got correct error from test that could not reach user management rest service: 

"Connection test failed. Response from the server:
The following URL does not specify a valid Crowd User Management REST service:"


Logs from one of "test settings":

2019-06-06 15:44:10,564 WARN [http-nio-8090-exec-6] [confluence.impl.hibernate.ConfluenceHibernateTransactionManager] doRollback Performing rollback. Transactions:
->[com.atlassian.confluence.user.crowd.ConfluenceCrowdDirectoryService.testConnection]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT,readOnly (Session #994532257)
-- referer: | url: /plugins/servlet/embedded-crowd/configure/jira/ | traceId: ef3f5f925d55be36 | userName: admin
2019-06-06 15:44:10,566 ERROR [http-nio-8090-exec-6] [crowd.embedded.admin.ConfigurationController] handleSubmit Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
-- referer: | url: /plugins/servlet/embedded-crowd/configure/jira/ | traceId: ef3f5f925d55be36 | userName: admin
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate
Caused by: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate

JIRA server apache logs:
/var/log/apache2/access.log - - [06/Jun/2019:15:44:10 +0200] "POST /rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user HTTP/1.1" 401 574 "-" "Apache-HttpClient/4.5.5 (Java/1.8.0_202)"

[Thu Jun 06 15:44:10.561030 2019] [proxy:trace2] [pid 3324:tid 139655055881984] mod_proxy.c(663): [client] AH03461: attempting to match URI path '/rest/usermanagement/1/search' against prefix '/' for proxying
[Thu Jun 06 15:44:10.561063 2019] [proxy:trace1] [pid 3324:tid 139655055881984] mod_proxy.c(748): [client] AH03464: URI path '/rest/usermanagement/1/search' matches proxy handler 'proxy:http://localhost:8080/rest/usermanagement/1/search'
[Thu Jun 06 15:44:10.561077 2019] [authz_core:debug] [pid 3324:tid 139655055881984] mod_authz_core.c(809): [client] AH01626: authorization result of Require all granted: granted
[Thu Jun 06 15:44:10.561082 2019] [authz_core:debug] [pid 3324:tid 139655055881984] mod_authz_core.c(809): [client] AH01626: authorization result of <RequireAny>: granted
[Thu Jun 06 15:44:10.561092 2019] [proxy_http:trace1] [pid 3324:tid 139655055881984] mod_proxy_http.c(60): [client] HTTP: canonicalising URL //localhost:8080/rest/usermanagement/1/search
[Thu Jun 06 15:44:10.561111 2019] [proxy:trace2] [pid 3324:tid 139655055881984] proxy_util.c(1968): [client] http: found worker http://localhost:8080/ for http://localhost:8080/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user
[Thu Jun 06 15:44:10.561119 2019] [proxy:debug] [pid 3324:tid 139655055881984] mod_proxy.c(1228): [client] AH01143: Running scheme http handler (attempt 0)
[Thu Jun 06 15:44:10.561124 2019] [proxy_http:trace1] [pid 3324:tid 139655055881984] mod_proxy_http.c(1904): [client] HTTP: serving URL http://localhost:8080/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user
[Thu Jun 06 15:44:10.561129 2019] [proxy:debug] [pid 3324:tid 139655055881984] proxy_util.c(2162): AH00942: HTTP: has acquired connection for (localhost)
[Thu Jun 06 15:44:10.561135 2019] [proxy:debug] [pid 3324:tid 139655055881984] proxy_util.c(2215): [client] AH00944: connecting http://localhost:8080/rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user to localhost:8080
[Thu Jun 06 15:44:10.561142 2019] [proxy:debug] [pid 3324:tid 139655055881984] proxy_util.c(2424): [client] AH00947: connected /rest/usermanagement/1/search?entity-type=user&start-index=0&max-results=1&expand=user to localhost:8080
[Thu Jun 06 15:44:10.561154 2019] [proxy:trace2] [pid 3324:tid 139655055881984] proxy_util.c(2707): HTTP: reusing backend connection [::1]:58496<>[::1]:8080
[Thu Jun 06 15:44:10.563631 2019] [proxy:debug] [pid 3324:tid 139655055881984] proxy_util.c(2177): AH00943: http: has released connection for (localhost)
[Thu Jun 06 15:44:10.563656 2019] [proxy_http:trace2] [pid 3324:tid 139655055881984] mod_proxy_http.c(1792): [client] end body send


If you require more information or higher level of apache trace logs I can provide them.


With kind regards,

Jan Gardian



2 answers

1 accepted

0 votes
Answer accepted
Admins June 12, 2019

So after few testing with configuring User Directories in Confluence to use Atlassian Jira main problem was in "Server URL" input.

If you have configured https proxy via Apache2/Nginx your base URL in jira is e.g. "" but at the same time jira runs without proxy at "".

So in User Directory Server URL you should input "" and not base jira URL. I also tested connecting via Proxy Host "" but could not connect to backend which runs on localhost.

Dylan August 5, 2021

Hi all,


I know this topic is quite old, but the accepted answer is potentially a workaround of another bigger problem.

Since we faced the same issue, we were able to keep "" in the Server URL configuration. We solved it this way:

  1. In the Nginx configuration, make sure to not have the line: proxy_set_header Authorization ""; (Atlassian wiki source)
    1. If so, delete it and reload configuration (nginx -s reload)
  2. If running Nginx and Jira on the same machine like OP, make sure localhost and are correctly set in /etc/hosts
  3. Add jira base URL in /etc/hosts associated to
    1. e.g. localhost
  4. If using Jira user directories from Confluence as OP, make sure to correctly configure the application (e.g. Confluence) with:
    1. Application IP address (e.g.
    2. Application hostname (e.g.
    3. Localhost (



0 votes
JP _AC Bielefeld Leader_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 6, 2019


why is the mod_authz_core module enabled? Did you whitelist the Confluence URL in Jira. Are there any entries in the Jira application log?



Admins June 7, 2019


Mod_authz_core module is enabled by default apache2 installation. On this module depend modules mod_auhtz_user, mod_authz_server. Also it is used by "Require all granted" configuration that is advised in instruction for apache2 proxy for jira at

Yes whitelist contains:

http\:\/\/confluence\.example\.com.*  Regular expression  Allow incoming true

https\:\/\/confluence\.example\.com.*  Regular expression Allow incoming true  Domain name Allow incoming true  Domain name Allow incoming true


Tested confluence url and all Outgoing and Incoming are ok.


My vhost configuration for apache2(we also do not use any context path as for one application we use one server):

<VirtualHost _default_:80>

ProxyRequests Off

<Proxy *>
Require all granted

RequestHeader unset Authorization
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

LogLevel trace6
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined



Regarding Jira application logs I do not see any logs from times when running "Test Settings" from confluence. Only logs can be seen in apache logs.


With kind regards,

Jan Gardian

Admins June 12, 2019

Tested same configuration with http proxy via nginx engine and got same behavior as with apache2. In both cases still getting response 401 "Application failed to authenticate".

Is there some other settings that I need to allow application in confluence or in jira other than whitelist? For SSL I also added internal CA into atlassian keystore. But with SSL or without still getting 401.

Like Dmitrii likes this

Suggest an answer

Log in or Sign up to answer