Connecting JIRA to Crowd Throwing ApplicationPermissionException
Symptoms
- Crowd users are unable to login to JIRA.
- While testing the directory configuration, the below error is displayed on the configuration screen:
Additionally, the below exception will appear in the atlassian-jira.log
:
2015-02-10 16:55:54,616 atlassian-scheduler-quartz1.clustered_Worker-2 WARN [directory.ldap.cache.EventTokenChangedCacheRefresher] Could not update event token.
com.atlassian.crowd.exception.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 - Client with address "123.123.123.123" is forbidden from making requests to the application, avengers.type Status reportmessage Client with address "123.123.123.123" is forbidden from making requests to the application, avengers.description Access to the specified resource (Client with address "123.123.123.123" is forbidden from making requests to the application, avengers.) has been forbidden.Apache Tomcat/6.0.32
at com.atlassian.crowd.directory.RemoteCrowdDirectory.getCurrentEventToken(RemoteCrowdDirectory.java:757)
at com.atlassian.crowd.directory.ldap.cache.EventTokenChangedCacheRefresher.synchroniseAll(EventTokenChangedCacheRefresher.java:54)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:1014)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:75)
at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.synchronizeDirectory(JiraDirectorySynchroniser.java:96)
at com.atlassian.jira.crowd.embedded.JiraDirectorySynchroniser.runJob(JiraDirectorySynchroniser.java:60)
at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:135)
at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:101)
at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:80)
at com.atlassian.scheduler.quartz1.Quartz1Job.execute(Quartz1Job.java:32)
at org.quartz.core.JobRunShell.run(JobRunShell.java:223)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549)
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 - Client with address "123.123.123.123" is forbidden from making requests to the application, avengers.type Status reportmessage Client with address "123.123.123.123" is forbidden from making requests to the application, avengers.description Access to the specified resource (Client with address "123.123.123.123" is forbidden from making requests to the application, avengers.) has been forbidden.Apache Tomcat/6.0.32
at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.throwError(RestExecutor.java:490)
at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:344)
at com.atlassian.crowd.integration.rest.service.RestCrowdClient.getCurrentEventToken(RestCrowdClient.java:1052)
at com.atlassian.crowd.directory.RemoteCrowdDirectory.getCurrentEventToken(RemoteCrowdDirectory.java:754)
... 11 more
Cause
This is caused by the difference in the IP addresses configured in Crowd and the IP addresses used by the JIRA instance which is connecting to the Crowd server.
This error message isn't very pretty, so we've raised an issue to get it fixed: JRA-25598 - Getting issue details... STATUS
Resolution
- Login to the Crowd server and locate the Application administered for the JIRA instance.
- Switch to the Remote Addresses tab.
- Remove/Add the IP Addresses to match the IP Address of the JIRA server.
- If JIRA and Crowd are running on the same server, you may need to add both
localhost
and127.0.0.1
to the IP Address list. - If JIRA is configured to use a Proxy server, you may need to add this proxy server address to the IP Address list, or Exclude the Crowd Address from being proxied using the
*.nonProxyHosts
argument.
- If JIRA and Crowd are running on the same server, you may need to add both
Re-test the connection to the Crowd from JIRA.
Please take a look at our Integrating Crowd with Atlassian Jira docs, specifically the section Define the JIRA Application in Crowd for more details on this configuration.