Allowlist URL's for Jira-Slack integration
要約
Jira and Slack integration may sometime end up with errors while the environment is set up on a Cloud.
環境
8.22.2
診断
Investigating through the logs you could see that there will be an HTTP 400 response code received within Jira for the endpoint /rest/slack/latest/connection
Looking at the logs further, we can see that Slack will terminate the handshake generated by Jira
https-openssl-nio-443-exec-68 url: /rest/slack/latest/connection-status/ABCD1234; user: XYZ WARN XYZ 349x601204x4 abcd1z xxx.xxx.xxx.xxx:10218 /rest/slack/latest/connection-status/ACBD1234
[c.a.p.slack.util.ResponseMapper] Error when performing request to Slack: auth.test/bot
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
原因
The paths <baseUrl>/slack/ and <baseUrl>/rest/slack/latest/ are not whitelisted in the firewall and security filters are in place.
ソリューション
As per the Slack documentation on Manage Slack connection issues it's recommended to add all specified URLs (https://my.slack.com/help/urls) to your allowlist in Jira as well as the Firewall.
Slack must have a persistent connection between our messaging server and members’ apps or browsers. To do so, Slack uses WebSockets over port 443.
Proxies and firewalls can sometimes interrupt this connection. If someone using Slack can’t connect from a specific location, or if there’s a WebSocket failure in our Slack connection test, you’ll need to adjust your proxy or firewall to keep the connection to Slack open. Here’s how:
- Visit https://my.slack.com/help/urls and add all specified URLs to your allowlist. If your environment requires access to multiple workspaces and/or orgs, visit that page from each workspace and/or org.
To conclude, the suggestion is to whitelist the URLs as suggested in the Slack and Atlassian documentation.