Unable to connect to JIRA for authentication - Forbidden 403

Symptoms

Integrating Stash with JIRA for user management, as described in Connecting Stash to JIRA for user management, fails with either of the following errors in atlassian-stash.log:

2014-07-31 09:03:44,168 ERROR [http-bio-7990-exec-5] Csmarkus @1QMMOPRx543x995x0 8qk0ii 192.168.1.1 "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home
	at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) ~[embedded-crowd-core-2.7.2.jar:na]
	at com.atlassian.stash.internal.crowd.SecureCrowdDirectoryServiceImpl.testConnection(SecureCrowdDirectoryServiceImpl.java:52) ~[stash-service-impl-3.2.0.jar:na]
	...
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home
	...

Or:

2013-02-25 18:46:40,671 ERROR [http-bio-7990-exec-7] kahloun.foong 1126x118x1 jx9vwz 0:0:0:0:0:0:0:1%0 "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>
<html>
<head>
    <title>Forbidden (403)</title>
...
</head>
<body id="jira" class="aui-layout aui-style-default page-type-message">
<div id="page">
    <header id="header" role="banner">
        <nav class="global" role="navigation">
            <div class="primary">
                <h1 id="logo"><a href="/secure/MyJiraHome.jspa"><img src="/images/jira111x30.png" width="111" height="30" alt="Your Company JIRA" /></a></h1>
            </div>
        </nav>
    </header>
    <section id="content" role="main">
        <header><h1>Forbidden (403)</h1></header>
        <div class="content-container">
            <div class="content-body">
                <p>Encountered a <code>403 - Forbidden</code> error while loading this page.</p>
                <p><a href="/secure/MyJiraHome.jspa">JIRA home</a></p>
            </div>
        </div>
    </section>
</div>
</body>
</html>
	at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) ~[embedded-crowd-core-2.5.3-m1.jar:na]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_37]
...
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>
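
Both variants above share one signature: a failed directory test whose cause is an ApplicationPermissionException carrying a 403. The following is an added example for triaging atlassian-stash.log, not Atlassian's code; the function name find_forbidden_tests and the sample lines (modeled on the excerpts above, plus one unrelated failure that must not match) are constructed for illustration.

```python
import re

# Header line logged when the connection test of a user directory fails.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ERROR .*"
    r"Configuration test failed for user directory: "
    r"\[\s*(?P<directory>[^\]]*?)\s*\], type: \[\s*(?P<type>[^\]]*?)\s*\]"
)
# Every log event starts with a timestamp; other lines are continuations.
EVENT_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
FORBIDDEN = re.compile(r"Forbidden \(403\)|403 - Forbidden")

def find_forbidden_tests(lines):
    """Return failed directory tests caused by a 403 from the remote server."""
    events, current = [], None
    for line in lines:
        if EVENT_START.match(line):
            m = HEADER.match(line)
            current = None
            if m:
                current = dict(m.groupdict(), permission=False,
                               forbidden=False, variant="plain")
                events.append(current)
            continue
        if current is None:
            continue  # continuation of an event we are not tracking
        if "ApplicationPermissionException" in line:
            current["permission"] = True
            if "<!DOCTYPE html>" in line:
                current["variant"] = "html"  # JIRA's error page was embedded
        if FORBIDDEN.search(line):
            current["forbidden"] = True
    keys = ("ts", "directory", "type", "variant")
    return [{k: e[k] for k in keys}
            for e in events if e["permission"] and e["forbidden"]]

# Constructed sample: plain-text 403, HTML 403, and an unrelated failure.
SAMPLE = """\
2014-07-31 09:03:44,168 ERROR [http-bio-7990-exec-5] admin "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home
2013-02-25 18:46:40,671 ERROR [http-bio-7990-exec-7] admin "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>
    <title>Forbidden (403)</title>
2014-08-01 10:00:00,000 ERROR [http-bio-7990-exec-1] admin "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: java.net.ConnectException: Connection refused
"""

if __name__ == "__main__":
    for hit in find_forbidden_tests(SAMPLE.splitlines()):
        print(hit)
```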

Cause

The Stash server could not connect to or access the JIRA server due to one of the following causes:

  1. JIRA does not include the Stash server IP address in the JIRA User Server settings.
  2. JIRA has not whitelisted the Stash server or its IP address, even though both are located on the same server.
  3. There is a proxy or firewall that blocks such access from Stash to JIRA.

Resolution

  • Ensure that the Stash server URL (or IP address) has been added to the JIRA User Server or whitelist settings.
  • Configure any proxy or firewall (rules blocking the access, NAT or PAT etc.) that might block such access. You might want to follow the method in Configuring Web Proxy Support for Confluence, or review the rules in your firewall, or even its logs, to see if these packets are being dropped.

  • Try bypassing the proxy. For instance, if both JIRA and Stash are on the same server, use 127.0.0.1 to connect instead. On JIRA User Server:

    • "Step 1: Set up JIRA to allow connections from Stash", item 5, configure the following IPs:

      127.0.0.1
      ::1
      your.hostname
    • "Step 2: Set up Stash to connect to JIRA", item 4, configure http://127.0.0.1:8080/jira on the "Server URL" settings.

    • Alternatively, use the IPs of Stash and JIRA if they have a direct connection to each other through the network.

Last modified on Nov 2, 2018
