Crowd login fails when running two Crowd instances on the same domain

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.


It is always a good practice to have a Production environment as well a Test/Staging/Dev environment. If you happen to have two Crowd instances running in the same domain and you might notice that you are able to login to one instance but not the other.

The symptom of the issue will be that you login to Crowd Production and everything looks good, then you try to login to Crowd Dev and it keeps on redirecting back to the login page.



  • Crowd Production:
  • Crowd Dev:

Diagnostic Steps

In order to investigate the issue, you will need to look at the following:

  1. HAR file to check whether the request is reaching the server or not
  2. Next step, double check in the response from the login action that you are getting a JSESSIONID and crowd.token.key cookie
  3. Try to login with wrong credentials and you should get an error Invalid Login this will verify that you are able to access the server and that Crowd server is working as intended
  4. Enable DEBUG Logging on Crowd 
    (warning) Please note that this logging is super noisy and it will quickly fill up your log files. Make sure to disable that once you identify the issue
    In the logs, you will notice the following cookies being sent by the browser:

    2017-11-08 13:49:45,544 http-bio-8095-exec-7 DEBUG [integration.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: JSESSIONID / 28A6DF056DF1DBD3336BBA69DEBFBCBF
    2017-11-08 13:49:45,544 http-bio-8095-exec-7 DEBUG [integration.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: crowd.token_key / DTMlYimNr0HHwyI8p0xmyA00
    2017-11-08 13:49:45,544 http-bio-8095-exec-7 DEBUG [integration.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: crowd.token_key / nA6uRsJ4Li63eeb64atVDg00
    2017-11-08 13:49:45,544 http-bio-8095-exec-7 DEBUG [integration.http.util.CrowdHttpTokenHelperImpl] Cookie name/value: AWSALB / /eldlBkVmsHOtghOKOrvFAN6nObMEBCji2dXBvWo7EVY2P6e6lo1aj9yef4IEvP5XVdrqwC1480b+n3v9uutkmTL6ixPmeCKG2dBY5XcaZT6wQLMr/c8TLe/CKWD


As you can see the above logs show that you have two crowd.token_key cookies in your browser. The browser, in this case, will get confused as to which cookie to select since both Production and Dev instance belong to the domain and that causes the redirection to the login page on the Dev instance


You can resolve this problem using one of the below suggestions:

Resolution 1 - Change the crowd token cookie name

Since we have a duplicate cookie name belonging to the same domain, we will need to specify a different crowd token cookie for the Dev instance. To do that, please follow the below steps:

  1. Log in to the Dev instance using the IP and port
  2. Go to Settings -> General
  3. Change the SSO Cookie name from the default value crowd.token_key to crowd_dev.token_key or any other name that is different than the Production instance
  4. Update the settings 
  5. You should be able to login successfully to both Production and Dev instances without any problems


Resolution 2 - Move Dev instance to a different domain

You can also change the Crowd Dev domain to something other than in order to avoid this issue. You could configure it to and that would not confuse the browser as the Crowd Dev domain is not



Last modified on Nov 8, 2017

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.