Cannot save changes to User Directories or add new directories

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Data Center Only - This article only applies to Atlassian products on the data center platform.

Summary


Unable to save directory configuration or add a new directory, a 500 error is thrown whenever a directory configuration is saved with the following stacktrace:

2021-06-21 10:49:43,929-0500 https-openssl-nio-8443-exec-5 ERROR user 649x351x1 4o2nfd 10.1.10.152 /plugins/servlet/embedded-crowd/configure/ldap/ [c.a.d.c.p.ciphers.algorithm.AlgorithmCipher] Exception thrown when encrypting: EncryptionParameters{plainTextPassword='<SANITIZED>', algorithm='AES/CBC/PKCS5Padding', algorithmKey='AES', algorithmParametersFilePath='null', keyFilePath='null', outputFilesBasePath='C:\Program Files\Atlassian\Application Data\JIRA\keys\', saveAlgorithmParametersToSeparateFile='false', saveSealedObjectToSeparateFile='false'}
java.lang.RuntimeException: java.io.FileNotFoundException: C:\Program Files\Atlassian\Application Data\JIRA\keys\javax.crypto.spec.SecretKeySpec_1624290583892 (The system cannot find the path specified)
at com.atlassian.db.config.password.ciphers.algorithm.serialization.SerializationFile.createFileAndSave(SerializationFile.java:26)
at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.getKeyOrGenerateNewAndGet(AlgorithmCipher.java:245)
at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.encrypt(AlgorithmCipher.java:178)
at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.encrypt(AlgorithmCipher.java:114)
at com.atlassian.crowd.crypto.ClusterAwareCipherWrapper.encrypt(ClusterAwareCipherWrapper.java:48)
at com.atlassian.crowd.crypto.DbConfigPasswordCipherEncryptor.doEncrypt(DbConfigPasswordCipherEncryptor.java:87)
at com.atlassian.crowd.crypto.DbConfigPasswordCipherEncryptor.changeEncryptionKey(DbConfigPasswordCipherEncryptor.java:71)
at com.atlassian.jira.crowd.embedded.encryptors.MissingKeyLoggerEncryptor.changeEncryptionKey(MissingKeyLoggerEncryptor.java:47)
at com.atlassian.crowd.crypto.CachedEncryptor.changeEncryptionKey(CachedEncryptor.java:81)
at com.atlassian.crowd.crypto.SaltingEncryptor.changeEncryptionKey(SaltingEncryptor.java:56)
at com.atlassian.crowd.crypto.MissingKeyHandlingEncryptor.encrypt(MissingKeyHandlingEncryptor.java:24)
at com.atlassian.crowd.crypto.PrefixBasedSwitchableEncryptor.encrypt(PrefixBasedSwitchableEncryptor.java:45)
at com.atlassian.crowd.crypto.ClusterLockingEncryptor.lambda$encrypt$1(ClusterLockingEncryptor.java:27)
at com.atlassian.crowd.lock.ClusterLockWrapper.run(ClusterLockWrapper.java:43)
at com.atlassian.crowd.crypto.ClusterLockingEncryptor.encrypt(ClusterLockingEncryptor.java:27)
at com.atlassian.jira.crowd.embedded.encryptors.JiraEncryptor.encrypt(JiraEncryptor.java:35)
at com.atlassian.crowd.crypto.DirectoryPasswordsEncryptor.lambda$transformPasswordAttributes$0(DirectoryPasswordsEncryptor.java:32)
at java.util.HashMap.replaceAll(HashMap.java:1305)
at com.atlassian.crowd.crypto.DirectoryPasswordsEncryptor.transformPasswordAttributes(DirectoryPasswordsEncryptor.java:31)
at com.atlassian.crowd.crypto.DirectoryPasswordsEncryptor.encryptPasswords(DirectoryPasswordsEncryptor.java:25)
at com.atlassian.crowd.crypto.EncryptingDirectoryDAO.update(EncryptingDirectoryDAO.java:56)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.updateDirectory(DirectoryManagerGeneric.java:192)
at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.updateDirectory(CrowdDirectoryServiceImpl.java:129)
...
...
Caused by: java.io.FileNotFoundException: C:\Program Files\Atlassian\Application Data\JIRA\keys\javax.crypto.spec.SecretKeySpec_1624290583892 (The system cannot find the path specified)
at java.io.FileOutputStream.open0(Native Method)
at java.io.FileOutputStream.open(FileOutputStream.java:270)
at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
at java.io.FileOutputStream.<init>(FileOutputStream.java:101)
at com.atlassian.db.config.password.ciphers.algorithm.serialization.SerializationFile.createFileAndSave(SerializationFile.java:21)


Environment

  • Jira 8.17.x
  • Active Directory as User Directory

Cause

We couldn't replicate the problem locally, for some reason in some specific cases Jira is unable to encrypt the user DN password used to connect with Active Directory, it is trying to use a specific cipher from Crowd which is not available by default in Jira

Solution

The cipher file is provided by Crowd, you can download a Crowd Archive from https://www.atlassian.com/software/crowd/download-archive, once you configure a home folder and start Crowd you should be able to find the cipher located in: crowd-home/shared/keys/javax.crypto.spec.SecretKeySpec_*
You can then copy this file to the path thrown in the error from Jira logs and restart Jira, Jira will be able to encrypt the passwords then.



Last modified on Sep 9, 2021

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.