Unable to create an API Token in an On-Premise Jira Align instance
Summary
When working in an On-Premise Jira Align instance, clicking Generate API Token (in the User Profile), errors with the following message:
“There was a problem displaying the API Token”
Additionally, clicking the OK button in the message pop-up does not show the details of any newly created tokens, resulting in users being unable to make REST API calls
Environment
Jira Align Self-Hosted
Diagnosis
The Jira Align ASP & ASPNET logs did not capture any error
The Windows Event Logs (Application & System) did not capture any error
The Internet Information Services (IIS) u_ex*.log files did capture a 404 HTTP status code, against PUT requests to the /api/users/me/apitoken endpoint made by EditMyProfileApiToken.asp. The following text and image is an example of the specific log entry:
2023-05-16 09:20:44 xxx.xxx.xxx.xxx PUT /api/users/me/apitoken - 443 - xxx.xxx.xxx.xxx Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/113.0.0.0+Safari/537.36
https://jiraalign.XXXcorp.com/EditMyProfileApiToken 404 6 0 3
HTTP 404 status codes are in indication that communication with the server was successful but that the requested item could not be found (or could not be accessed) - the substatus code of 6 that follows the 404 code is also important (see cause section below)
Further troubleshooting using Postman identified that GET requests were successful, however all PUT requests made into the Jira Align instance failed with a 404 error
Checking for possible activity by Firewall, Security or Anti-Virus software installed on the Jira Align web server returned no activity
Cause
As the 404 status code is generic, there may be more than one possible cause, including:
Actions by Firewall or Security Software running on the Jira Align Web Server that might be blocking REST API PUT requests
Incorrect verbs being specified in the <handlers> section of the web.config file
IIS being configured with either the IIS Server or the Jira Align Site (or both) being configured with HTTP Verbs filters in the Request Filtering configuration (as shown in the below image). Revisiting the IIS log(provided above) the substatus code that immediately follows the 404 status code then becomes key as if this digit is a the number 6 then it is indicative of issues with the HTTP Verbs filters.
Solution
Check for activity by firewall or security software: If PUT requests are found to be being blocked, arrange for the software in question to be reconfigured
Check the <handlers> section in the web.config file for the Jira Align Site - the following line should be present and contain verb=”*” to indicate that all verbs are enabled
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />Check the <security> section in the web.config file for the Jira Align Site - does it contain any requestFiltering verbs (as it should not). If any are found, do not edit the web.config file manually as it is better to use the IIS Manager
This is not a definitive check as the verbs being present in this section of the web.config may depend on where and when the HTTP Verbs were set in IISOpen the IIS Manager console
- Click on the Jira Align Site and then open Request Filtering (found in the IIS section)
Click on the HTTP Verbs tab
Remove all filters for verbs (whether Allowed = True or False) so that the screen looks like the below image
- In the right side Actions Menu on the same screen, click on Edit Feature Settings… and make sure that Allow unlisted verbs is checked/enabled (correct this and click OK if it is not)
Repeat from Step 5 but select the Overall IIS server instead of the Jira Align Site
Restart the IIS Server (select the Overall IIS server again and use the Restart option near the top of the right side bar)