IMAP fails with A3 BAD User is authenticated but not connected error in Jira server integrated with Office365
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
問題
atlassian-jira.log に次のメッセージが表示される。
2014-09-12 07:40:48,051 ERROR [365 IMAP] QuartzScheduler_Worker-3 ServiceRunner Help Desk Handler[10100]: Messaging Exception in service 'com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl' when getting mail: A3 BAD User is authenticated but not connected.
javax.mail.MessagingException: A3 BAD User is authenticated but not connected.;
nested exception is:
com.sun.mail.iap.BadCommandException: A3 BAD User is authenticated but not connected.
at com.sun.mail.imap.IMAPFolder.open(IMAPFolder.java:961)
at com.atlassian.jira.service.services.mail.MailFetcherService$MessageProviderImpl.getAndProcessMail(MailFetcherService.java:254)
at com.atlassian.jira.service.services.mail.MailFetcherService.runImpl(MailFetcherService.java:401)
at com.atlassian.jira.service.services.file.AbstractMessageHandlingService.run(AbstractMessageHandlingService.java:257)
at com.atlassian.jira.service.JiraServiceContainerImpl.run(JiraServiceContainerImpl.java:61)
at com.atlassian.jira.service.ServiceRunner.execute(ServiceRunner.java:48)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: com.sun.mail.iap.BadCommandException: A3 BAD User is authenticated but not connected.
原因
原因 1
O365 configuration to allow IMAP over OAuth2.0 is incomplete as Client Access Rules is missing "IMAP4" rule. See Microsoft Documentation.
原因 2
When following the steps to configure your Jira incoming mail server to use OAuth 2.0, the request to "Authorize" was not completed by the mailbox owner or delegated user.
例:
- A user is attempting to configure Jira's incoming mail server to use OAuth 2.0 for the account support@atlassian.com
- A user authenticated to Jira with the username charlie@altassian.com and re-directed to Google or Microsoft Office365 when they click "Authorize"
- A user enters their charlie@atlassian.com username and password to authorize the OAuth 2.0 connection between Jira and the email service provider.
The problem is caused because charlie@atlassian.com cannot allow the OAuth connection between Jira and support@atlassian.com.
原因 3
When following the steps to configure your Jira incoming mail server to use OAuth 2.0, the OAuth client secret was not set correctly. In this case, the error may appear as the following in the logs:
- QBK3 BAD User is authenticated but not connected
- CSA3 BAD User is authenticated but not connected
ソリューション
ソリューション 1
Make sure "IMAP4" is added to Client Access Rules in O365 for both the mailbox and the OAuth account, and when testing the input in O365 using Jira context, the test is completed successfully.
ソリューション 2
Complete the "Authorize" request using OAuth2.0 with username and password for the required email account
For example, when the user support@atlassian.com is re-directed to Google or Microsoft Office365, and allows the OAuth connection between Jira and the mail box for support@atlassian.com the connection will succeed.
ソリューション 3
Use the steps from Generate an OAuth 2.0 key and secret in Azure to set the OAuth client secret in Jira.