Bamboo lost connection to the external user directory preventing users from logging in

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

This Knowledge Base Article is only meant for Bamboo instances prior v6.6.

A new feature Embedded Crowd has been introduced in most recent Bamboo version (v6.6 or above) and this can be review in Bamboo 6.6 Release Notes

If you are running Bamboo v6.6 or above, please refer to Connecting to external user directories instead.

Symptoms

Users are unable to login to Bamboo

2014-10-20 11:15:18,427 ERROR [http-apr-8085-exec-64] [DefaultUserAccessor] Error in getUser():com.atlassian.crowd.exception.OperationFailedException: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Similar to the above error you may see other similar errors surrounding the getUser() function or errors pertaining to a failure to communicate with either the Crowd or JIRA server that houses the userbase.

Diagnosis

A drop in connection between Bamboo server and user server (JIRA, Crowd, etc.) has occurred.

Cause

There are a number of potential causes here:

  1. Remote user server is down
  2. Network changes have blocked the connection
    1. New firewall in place is not allowing traffic between the two servers
    2. The baseURL of one of the servers has changed
    3. SSL has been enabled/disabled on one and config has not been updated
    4. Proxy has changed and now traffic is routing incorrectly
    5. Any one of a million other common network issues
  3. Application access credentials have changed and Bamboo no longer has permission on remote app


Workaround

The following steps will update the configuration of Bamboo from using the external user directory to utilizing the internal user directory.

  1. Stop Bamboo
  2. Backup the <Bamboo Home Directory>/xml-data/configuration/atlassian-user.xml to a different location
  3. Do one of the following:

    1. Replace its contents with the following:

      atlassian-user.xml
      <atlassian-user>
          <repositories>
              <hibernate name="Hibernate Repository" key="hibernateRepository" description="Hibernate Repository" cache="true"/>
          </repositories>
      </atlassian-user> 
    2. Replace the file entirely with a brand new <Bamboo Install Directory>/atlassian-bamboo/WEB-INF/classes/atlassian-user.xml

  4. Clear the data from the following tables in case you had too many unsuccessful login attempts and to clear stale login tokens:

    DELETE FROM auth_attempt_info;
    DELETE FROM rememberme_token;
  5. (Optional) Disable SSO 

    Open seraph-config.xml found under <bamboo-install>\atlassian-bamboo\WEB-INF\classes and check if SSO is disabled (see last line):

    seraph-config.xml
    <init-param>
            <!--
              the URL to redirect to when the user explicitly clicks on a login link (rather than being redirected after
              trying to access a protected resource). Most of the time, this will be the same value as 'login.url'.
                - same properties as login.url above
            -->
            <param-name>link.login.url</param-name>
            <param-value>/userlogin!default.action?os_destination=${originalurl}</param-value>
            <!--<param-value>/secure/Dashboard.jspa?os_destination=${originalurl}</param-value>-->
            <!--<param-value>http://sso.mycompany.com/login?redirectTo=${originalurl}</param-value>-->       
    </init-param>

    Ensure the com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator is commented out and the com.atlassian.bamboo.user.authentication.BambooAuthenticator is uncommented, example below:

        <!-- Determines what roles (permissions) a user has. -->
        <rolemapper class="com.atlassian.bamboo.user.authentication.BambooRoleMapper"/>
        <authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/>
        <controller class="com.atlassian.bamboo.user.authentication.BambooSecurityController"/>
        <elevatedsecurityguard class="com.atlassian.bamboo.user.authentication.BambooElevatedSecurityGuard"/>    <!-- If you're authenticating against a Crowd server you can use this authenticator for single sign-on.
             Enable it after configuring your Crowd properties through user management and restart Bamboo. It does not support
             Crowd property changes at runtime. If you need to switch back to local users, revert the change and
             restart Bamboo again.
         -->
         <!--<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>-->


  6. Log in as the original admin user that was created when the instance was first established. If you are unable to recover the login details, follow the steps to restore the admin password.

CAPTCHA

If you get locked out by CAPTCHA as an admin user, disable CAPTCHA by following the steps in the resolution in the following KB:


Resolution

  • If this is a simple connection loss between Bamboo and the user server, fix the network issue blocking Bamboo from the user repo server.



DescriptionUsers are unable to login to Bamboo with errors surrounding the getUser() function or errors pertaining to a failure to communicate with either the Crowd or JIRA server that houses the userbase.

Last modified on Dec 3, 2019

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.