Can't create application link between Jira and Confluence due to the error "The supplied Application URL has redirected once"

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

    

要約

When trying to configure an application link between Jira and Confluence (or any other combination of 2 Atlassian Server/Data Center application), the following message is thrown in the UI while the user configuring the link is redirected from 1 application to the other:

The supplied Application URL has redirected once. Please check the redirected URL field to ensure this is a URL that you trust.

 The screenshot below illustrates what is seen in the UI when the user trying to configure an application link between Jira and Confluence is supposed to be automatically redirected from Confluence to Jira but can't, because of the redirection error:



環境

  • Any combination of 2 Atlassian Server/Data Center application. For example: Jira 8.x with Conflunece 7.x.
  • At least one of the 2 applications is configured behind an Reverse Proxy server that comes with an SSO redirection feature (for example, Azure MFA)

診断

  • Enable the debugging package org.apache.http in Jira > ⚙ > System > Logging and profiling (or in Confluence > ⚙ > General Configuration > Logging and Profiling) and replicate the issue
  • When checking the logs from either Jira or Confluence you should see that, when 1 application is trying to fetch the manifest information from the other application via the end point /rest/applinks/3.0/applicationlinkForm/manifest.json, the application gets redirected to the Microsoft SSO login page, and therefore fails to fetch the manifest

    2021-11-05 16:09:18,835 DEBUG [http-nio-8090-exec-6 url: /rest/applinks/3.0/applicationlinkForm/manifest.json; user: testuser] [org.apache.http.wire] wire http-outgoing-4321 >> "GET /rest/applinks/1.0/manifest HTTP/1.1[\r][\n]"
    
    ...
    
    2021-11-05 16:09:19,030 DEBUG [http-nio-8090-exec-6 url: /rest/applinks/3.0/applicationlinkForm/manifest.json; user: testuser] [org.apache.http.wire] wire http-outgoing-4321 <<
    "Location: https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/authorize?response_type=code&client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&scope=openid&nonce=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&redirect_uri=https%3a%2f%2fjira.test.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fjira.test.com%5c%2frest%5c%2fapplinks%5c%2f1.0%5c%2fmanifest%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX%22%7d%23EndOfStateParam%23&client-request-id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX[\r][\n]"
    
    ...
    
    2021-11-05 16:09:19,036 INFO [http-nio-8090-exec-6 url: /rest/applinks/3.0/applicationlinkForm/manifest.json; user: testuser] [applinks.core.manifest.AppLinksManifestDownloader] handle Manifest request got redirected to
    'https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/authorize?response_type=code&client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&scope=openid&nonce=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&redirect_uri=https%3a%2f%2fjira.test.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fjira.test.com%5c%2frest%5c%2fapplinks%5c%2f1.0%5c%2fmanifest%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX%22%7d%23EndOfStateParam%23&client-request-id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'.

原因

The reverse proxy that Jira (or Confluence) is configure with is automatically redirecting any rest API call to its login page. In the example above, Microsoft Azure is automatically redirecting any HTTP call made to Jira (including the REST API calls) to the Microsoft SSO page.

(warning) Please note that this behavior only occurs when the SSO redirection is performed by the Proxy Server itself. If you configure Jira (or Confluence) to use SAML SSO via the Atlassian Native SSO functionality, the redirection issue will not occur. This is because the Atlassian Native SSO feature does not redirect REST API calls to the SSO login page out-of-the-box. Therefore, if you observe automatic redirection of API calls to the SSO login page, it is likely that it is caused by the reverse proxy that the Atlassian Application is configured with.

ソリューション

A few options:

  • Reach out to the Reverse Proxy server administrator (or Microsoft support if you are using Azure as a proxy) to see if the SSO redirection can be bypassed for any REST API calls made to the Atlassian application
  • Alternatively, you might consider configuring both Atlassian Applications with an outbound Proxy server, and ensure that any call coming from the outbound proxy server bypasses the SSO redirection on the Reverse Proxy server side (for example the Azure proxy server, in the example above)



最終更新日: 2021 年 12 月 1 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.