Application links is not working due to NTLM authentication error

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Issue

Admins try to create an application link between Jira and Confluence but it fails with the NTLM authentication error in the UNIX-based environments. The log snippet below can be seen in the logs:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 2023-05-18 15:42:53,987+1000 http-nio-8084-exec-24 WARN xxxx 942x24996x2 1n1gz2x 10.220.212.112 /rest/applinks/3.0/applinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:42:54,229+1000 AppLinks ConcurrentExecutor:thread-1 WARN xxxx 942x25002x1 1n1gz2x 10.220.212.112 /rest/applinks/3.0/listApplicationlinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:42:54,462+1000 AppLinks ConcurrentExecutor:thread-1 WARN xxxx 942x25002x1 1n1gz2x 10.220.212.112 /rest/applinks/3.0/listApplicationlinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:42:54,507+1000 AppLinks ConcurrentExecutor:thread-1 WARN xxxx 942x25002x1 1n1gz2x 10.220.212.112 /rest/applinks/3.0/listApplicationlinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials ... ... ... 2023-05-18 15:43:05,551+1000 http-nio-8084-exec-21 ERROR xxxx 943x25018x1 1n1gz2x 10.220.212.112 /plugins/servlet/applinks/oauth/login-dance/authorize [c.a.a.oauth.auth.OAuthApplinksServlet] An error occurred when performing the oauth 'dance' for application link 'Confluence (6c965259-e1d4-3f19-bfc4-c8e82495d78d) http://localhost:8094 confluence' com.atlassian.oauth.consumer.OAuthConsumerNotFoundException: Consumer with key '' could not be found at com.atlassian.oauth.consumer.core.ConsumerServiceImpl.getConsumerAndSecret(ConsumerServiceImpl.java:133) at com.atlassian.oauth.consumer.core.ConsumerServiceImpl.sign(ConsumerServiceImpl.java:119) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:137) ... ... ... 2023-05-18 15:43:28,126+1000 AppLinks ConcurrentExecutor:thread-1 WARN xxxx 942x25002x1 1n1gz2x 10.220.212.112 /rest/applinks/3.0/listApplicationlinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:43:28,157+1000 AppLinks ConcurrentExecutor:thread-1 WARN xxxx 942x25002x1 1n1gz2x 10.220.212.112 /rest/applinks/3.0/listApplicationlinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:43:36,239+1000 http-nio-8084-exec-24 WARN xxxx 943x25075x1 1e07cu5 10.220.212.112 /rest/applinks/3.0/relocateApplicationlink/6c965259-e1d4-3f19-bfc4-c8e82495d78d [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:43:38,111+1000 http-nio-8084-exec-1 WARN xxxx 943x25076x1 1e07cu5 10.220.212.112 /rest/applinks/3.0/relocateApplicationlink/6c965259-e1d4-3f19-bfc4-c8e82495d78d [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:43:38,209+1000 http-nio-8084-exec-1 INFO xxxx 943x25076x1 1e07cu5 10.220.212.112 /rest/applinks/3.0/relocateApplicationlink/6c965259-e1d4-3f19-bfc4-c8e82495d78d [c.a.c.e.c.a.a.core.DefaultReadOnlyApplicationLinkService.links] Cache com.atlassian.applinks.core.DefaultReadOnlyApplicationLinkService.links was flushed 2023-05-18 15:43:38,598+1000 AppLinks ConcurrentExecutor:thread-1 WARN xxxx 942x25002x1 1n1gz2x 10.220.212.112 /rest/applinks/3.0/listApplicationlinks [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:43:46,813+1000 http-nio-8084-exec-15 WARN xxxx 943x25083x2 1e07cu5 10.220.212.112 /rest/applinks/3.0/applicationlinkForm/manifest.json [o.a.h.impl.auth.HttpAuthenticator] NTLM authentication error: Credentials cannot be used for NTLM authentication: org.apache.http.auth.UsernamePasswordCredentials 2023-05-18 15:43:46,831+1000 http-nio-8084-exec-15 ERROR xxxx 943x25083x2 1e07cu5 10.220.212.112 /rest/applinks/3.0/applicationlinkForm/manifest.json [c.a.a.c.rest.ui.CreateApplicationLinkUIResource] ManifestNotFoundException thrown while retrieving manifest com.atlassian.applinks.spi.manifest.ManifestNotFoundException: com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$ManifestGotRedirectedException: manifest got redirected at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.doDownload(AppLinksManifestDownloader.java:207) at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.access$000(AppLinksManifestDownloader.java:52) at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$1$1.<init>(AppLinksManifestDownloader.java:129) ... ... ... Caused by: com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$ManifestGotRedirectedException: manifest got redirected at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader$2.handle(AppLinksManifestDownloader.java:184) at com.atlassian.plugins.rest.module.jersey.JerseyRequest$1.handle(JerseyRequest.java:115) at com.atlassian.plugins.rest.module.jersey.JerseyRequest$1.handle(JerseyRequest.java:113) at com.atlassian.plugins.rest.module.jersey.JerseyRequest$2.handle(JerseyRequest.java:134) at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:117) at com.atlassian.plugins.rest.module.jersey.JerseyRequest.execute(JerseyRequest.java:113) at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.doDownload(AppLinksManifestDownloader.java:174) ... 322 more

Cause:

According to the documentation, the following authentication schemes are supported: Basic, Digest, NTLM, SPNEGO, Kerberos

In particular: NTLM is a proprietary authentication scheme developed by Microsoft and optimized for Windows platforms. NTLM is believed to be more secure than Digest.

The problem happens when this authentication method is used in the outbound proxies.

Resolution

  1. Change the proxy authentication method to one of the supported ones (e.g Kerberos)

  2. Disable the authentication method on the proxy

  3. Remove proxy details from your Jira configurations (in JRA_INSTALL/bin/setenv.sh)

Updated on April 8, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageIssueCause:Resolution

Still need help?

The Atlassian Community is here for you.
Ask the Community