Unable to log in to Crowd while authentication to the connected applications is fine
Problem
All of sudden, user is unable to login to Crowd Console. However, user can login to the applications that use Crowd for authentication without any problem.
The following appears in the atlassian-crowd.log
2015-03-09 08:12:56,131 http-8095-2 ERROR [crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter] Unable to unset Crowd SSO token
org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.
org.codehaus.xfire.fault.XFireFault: Couldn't send message.
at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:30)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
at org.codehaus.xfire.client.Client.invoke(Client.java:336)
at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
at $Proxy139.authenticateApplication(Unknown Source)
at com.atlassian.crowd.service.soap.client.SecurityServerClientImpl.authenticate(SecurityServerClientImpl.java:229)
at com.atlassian.crowd.service.soap.client.SecurityServerClientImpl.getSoapApplicationToken(SecurityServerClientImpl.java:214)
at com.atlassian.crowd.service.soap.client.SecurityServerClientImpl.invalidateToken(SecurityServerClientImpl.java:325)
at com.atlassian.crowd.service.cache.CacheAwareAuthenticationManager.invalidate(CacheAwareAuthenticationManager.java:96)
at com.atlassian.crowd.integration.http.HttpAuthenticatorImpl.logoff(HttpAuthenticatorImpl.java:289)
at com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter.onUnsuccessfulAuthentication(CrowdSSOAuthenticationProcessingFilter.java:242)
...
Caused by: org.codehaus.xfire.XFireException: Couldn't send message.
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:145)
at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
... 75 more
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:249)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
... 77 more
Diagnosis
Environment
- Crowd SSO is enabled
Cause
- The Crowd server's IP address has changed or the domain name in
crowd.properties
is incorrect. - An expired Crowd SSL certificate can also generate similar warnings along with other SSL specific details such as PKIX errors.
Resolution 1
- Modify the crowd.server.url property in
<crowd-home-directory>/crowd.properties
file to have the correct IP address or domain name for Crowd - If the issue persists, contact Atlassian Support at https://support.atlassian.com/
Resolution 2
- Confirm your Crowd SSL certificate expiry date and update accordingly with the following article https://confluence.atlassian.com/crowd/configuring-crowd-to-work-with-ssl-151520306.html
Last modified on Jan 4, 2023
Powered by Confluence and Scroll Viewport.