PasswordEncoderNotFoundException during login after restoring from Cloud Export
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
After restoring a Cloud export to JIRA Server, you find that you are unable to login as any user.
The following appears in the atlassian-jira.log
2017-06-22 10:28:00,568 http-nio-8080-exec-6 ERROR [o.a.c.c.C.[.[localhost].[/].[default]] Servlet.service() for servlet [default] in context with path [] threw exception
com.atlassian.crowd.exception.PasswordEncoderNotFoundException: You cannot get a null password encoder from the factory
at com.atlassian.crowd.password.factory.PasswordEncoderFactoryImpl.checkArgument(PasswordEncoderFactoryImpl.java:158)
at com.atlassian.crowd.password.factory.PasswordEncoderFactoryImpl.getInternalEncoder(PasswordEncoderFactoryImpl.java:55)
at com.atlassian.crowd.directory.AbstractInternalDirectory.authenticate(AbstractInternalDirectory.java:419)
at com.atlassian.crowd.directory.AbstractInternalDirectory.processAuthentication(AbstractInternalDirectory.java:256)
at com.atlassian.crowd.directory.AbstractInternalDirectory.authenticate(AbstractInternalDirectory.java:222)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:311)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:198)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:75)
at com.atlassian.jira.security.login.JiraSeraphAuthenticator.crowdServiceAuthenticate(JiraSeraphAuthenticator.java:75)
at com.atlassian.jira.security.login.JiraSeraphAuthenticator.authenticate(JiraSeraphAuthenticator.java:49)
at com.atlassian.seraph.auth.DefaultAuthenticator.login(DefaultAuthenticator.java:88)
... 13 filtered
at com.atlassian.plugins.rest.module.servlet.RestSeraphFilter.doFilter(RestSeraphFilter.java:37)
... 20 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 29 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 28 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Diagnosis
Diagnostic Steps
Check to see if there is any data in the
cwd_directory_attribute
table:select * from cwd_directory_attribute;
Or, examine the
entities.xml
file in your Cloud export, looking for a row like this (it's probably missing):<DirectoryAttribute directoryId="1" name="user_encryption_method" value="atlassian-security"/>
Cause
It appears that this data isn't being correctly exported for some Cloud instances: - JRACLOUD-67061Getting issue details... STATUS
Workaround
To workaround this, we can insert the missing data to JIRA's database:
First, confirm that the directory ID for JIRA's Internal user directory is "1":
select * from cwd_directory;
If the ID from above isn't '1', then update the query below accordingly, otherwise, run this to add the missing but required attribute into JIRA's database:
Always back up your data before performing any modifications to the database. If possible, test any alter, insert, update, or delete SQL commands on a staging server first.
INSERT INTO cwd_directory_attribute ("directory_id","attribute_name","attribute_value") VALUES ('1','user_encryption_method','atlassian-security');
Restart JIRA