Unable to log in to Crowd while authentication to the connected applications is fine
問題
All of sudden, user is unable to login to Crowd Console. However, user can login to the applications that use Crowd for authentication without any problem.
atlassian-crowd.log に次のメッセージが出力される。
2015-03-09 08:12:56,131 http-8095-2 ERROR [crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter] Unable to unset Crowd SSO token
org.codehaus.xfire.XFireRuntimeException: Could not invoke service.. Nested exception is org.codehaus.xfire.fault.XFireFault: Couldn't send message.
org.codehaus.xfire.fault.XFireFault: Couldn't send message.
at org.codehaus.xfire.fault.XFireFault.createFault(XFireFault.java:89)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:30)
at org.codehaus.xfire.handler.HandlerPipeline.invoke(HandlerPipeline.java:131)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:79)
at org.codehaus.xfire.client.Invocation.invoke(Invocation.java:114)
at org.codehaus.xfire.client.Client.invoke(Client.java:336)
at org.codehaus.xfire.client.XFireProxy.handleRequest(XFireProxy.java:77)
at org.codehaus.xfire.client.XFireProxy.invoke(XFireProxy.java:57)
at $Proxy139.authenticateApplication(Unknown Source)
at com.atlassian.crowd.service.soap.client.SecurityServerClientImpl.authenticate(SecurityServerClientImpl.java:229)
at com.atlassian.crowd.service.soap.client.SecurityServerClientImpl.getSoapApplicationToken(SecurityServerClientImpl.java:214)
at com.atlassian.crowd.service.soap.client.SecurityServerClientImpl.invalidateToken(SecurityServerClientImpl.java:325)
at com.atlassian.crowd.service.cache.CacheAwareAuthenticationManager.invalidate(CacheAwareAuthenticationManager.java:96)
at com.atlassian.crowd.integration.http.HttpAuthenticatorImpl.logoff(HttpAuthenticatorImpl.java:289)
at com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter.onUnsuccessfulAuthentication(CrowdSSOAuthenticationProcessingFilter.java:242)
...
Caused by: org.codehaus.xfire.XFireException: Couldn't send message.
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:145)
at org.codehaus.xfire.transport.http.HttpChannel.send(HttpChannel.java:48)
at org.codehaus.xfire.handler.OutMessageSender.invoke(OutMessageSender.java:26)
... 75 more
Caused by: java.net.ConnectException: Connection timed out: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:529)
at java.net.Socket.connect(Socket.java:478)
at java.net.Socket.<init>(Socket.java:375)
at java.net.Socket.<init>(Socket.java:249)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:80)
at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:122)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.codehaus.xfire.transport.http.CommonsHttpMessageSender.send(CommonsHttpMessageSender.java:369)
at org.codehaus.xfire.transport.http.HttpChannel.sendViaClient(HttpChannel.java:123)
... 77 more
診断
環境
- Crowd SSO is enabled
原因
- The Crowd server's IP address has changed or the domain name in
crowd.propertiesis incorrect. - An expired Crowd SSL certificate can also generate similar warnings along with other SSL specific details such as PKIX errors.
ソリューション 1
- Modify the crowd.server.url property in
<crowd-home-directory>/crowd.propertiesfile to have the correct IP address or domain name for Crowd - If the issue persists, contact Atlassian Support at https://support.atlassian.com/ja/
ソリューション 2
- Confirm your Crowd SSL certificate expiry date and update accordingly with the following article https://confluence.atlassian.com/crowd/configuring-crowd-to-work-with-ssl-151520306.html
最終更新日: 2023 年 1 月 4 日
Powered by Confluence and Scroll Viewport.