OAuth を使用する際に、Jira Server のログで IMAP セットアップが AUTHENTICATE Failed エラーで失敗する

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

問題

When trying to set up an IMAP service for JIRA applications notifications, you get an error AUTHENTICATE Failed. After enabling mail debugging, the following appears in the logs:

[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * OK The Microsoft Exchange IMAP4 service is ready. [QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUR0 CAPABILITY
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS MOVE ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUR0 OK CAPABILITY completed.
IMAPS: AUTH: PLAIN
IMAPS: AUTH: XOAUTH2
IMAPS: protocolConnect login, host=outlook.office365.com, user=user_name@atl.onmicrosoft.com, password=<non-null>
IMAPS: AUTHENTICATE PLAIN command trace suppressed
IMAPS: AUTHENTICATE PLAIN command result: IUR1 NO AUTHENTICATE failed.
IMAPS: trying to connect to host "outlook.office365.com", port 993, isSSL true
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * OK The Microsoft Exchange IMAP4 service is ready. [QWxhZGRpbjpvcGVuIHNlc2FtZQ==]
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUS0 CAPABILITY
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  * CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+
[Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  IUS0 OK CAPABILITY completed.
IMAPS: AUTH: PLAIN
IMAPS: AUTH: XOAUTH2
IMAPS: protocolConnect login, host=outlook.office365.com, user=user_name@atl.onmicrosoft.com, password=<non-null>
IMAPS: AUTHENTICATE PLAIN command trace suppressed
IMAPS: AUTHENTICATE PLAIN command result: IUS1 NO AUTHENTICATE failed. 

The following warning will also be in the atlassian-jira-incoming-mail.log:

 WARN [Alerts Incident] Caesium-1-3 anonymous    Incident ITSM  Incident ITSM [10900]: javax.mail.AuthenticationFailedException: AUTHENTICATE failed. while connecting to host "outlook.office365.com" as user "user_name@atl.onmicrosoft.com" via protocol "SECURE_IMAP": javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
javax.mail.AuthenticationFailedException: AUTHENTICATE failed.
	at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:708) [jakarta.mail-1.6.5.jar:1.6.5]
	at javax.mail.Service.connect(Service.java:364) [jakarta.mail-1.6.5.jar:1.6.5]
	at javax.mail.Service.connect(Service.java:222) [jakarta.mail-1.6.5.jar:1.6.5]
	at javax.mail.Service.connect(Service.java:243) [jakarta.mail-1.6.5.jar:1.6.5]
	at com.atlassian.mail.server.InternalAuthenticationContext.connectService(InternalAuthenticationContext.java:58) [atlassian-mail-5.0.3.jar:?]
	at com.atlassian.mail.server.AbstractMailServer.smartConnect(AbstractMailServer.java:156) [atlassian-mail-5.0.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailServicesHelper.lambda$connectUsing$2(MailServicesHelper.java:81) [jira-api-8.13.3.jar:?]
	at java.util.Optional.map(Optional.java:215) [?:1.8.0_181]
	at com.atlassian.jira.service.services.mail.MailServicesHelper.handleAuthAwareMailServer(MailServicesHelper.java:52) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailServicesHelper.getConnectedStore(MailServicesHelper.java:46) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService.getConnectedStore(MailFetcherService.java:397) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl.getAndProcessMail(MailFetcherService.java:166) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService.processMessages(MailFetcherService.java:361) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.mail.MailFetcherService.runImpl(MailFetcherService.java:353) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.services.file.AbstractMessageHandlingService.run(AbstractMessageHandlingService.java:229) [jira-api-8.13.3.jar:?]
	at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImpl.java:68) [classes/:?]
	at com.atlassian.jira.service.ServiceRunner.runService(ServiceRunner.java:62) [classes/:?]
	at com.atlassian.jira.service.ServiceRunner.runServiceId(ServiceRunner.java:44) [classes/:?]
	at com.atlassian.jira.service.ServiceRunner.runJob(ServiceRunner.java:32) [classes/:?]
	at com.atlassian.scheduler.core.JobLauncher.runJob(JobLauncher.java:134) [atlassian-scheduler-core-3.0.0.jar:?]
	at com.atlassian.scheduler.core.JobLauncher.launchAndBuildResponse(JobLauncher.java:106) [atlassian-scheduler-core-3.0.0.jar:?]
	at com.atlassian.scheduler.core.JobLauncher.launch(JobLauncher.java:90) [atlassian-scheduler-core-3.0.0.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.launchJob(CaesiumSchedulerService.java:435) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJob(CaesiumSchedulerService.java:430) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeClusteredJobWithRecoveryGuard(CaesiumSchedulerService.java:454) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.CaesiumSchedulerService.executeQueuedJob(CaesiumSchedulerService.java:382) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeJob(SchedulerQueueWorker.java:66) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.executeNextJob(SchedulerQueueWorker.java:60) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at com.atlassian.scheduler.caesium.impl.SchedulerQueueWorker.run(SchedulerQueueWorker.java:35) [atlassian-scheduler-caesium-3.0.2.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]


原因

Using the wrong Scopes can cause this error, even when the authentication attempt looks successful in the related Google or Microsoft logs. 

ソリューション

Use the Scopes listed in Integrating with OAuth 2.0.

For Google, we recommend using the https://mail.google.com/ scope for IMAP and POP3.

For Microsoft, we recommend https://outlook.office.com/IMAP.AccessAsUser.All or https://outlook.office.com/POP.AccessAsUser.All, and offline_access.








最終更新日: 2023 年 2 月 4 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.