Jira に認証のために接続できない - Forbidden 403

症状

When trying to integrate Stash to JIRA for user management as described at Connecting Stash to JIRA for user management, it fails with either of the following errors in atlassian-stash.log:

2014-07-31 09:03:44,168 ERROR [http-bio-7990-exec-5] Csmarkus @1QMMOPRx543x995x0 8qk0ii 192.168.1.1 "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home
	at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) ~[embedded-crowd-core-2.7.2.jar:na]
	at com.atlassian.stash.internal.crowd.SecureCrowdDirectoryServiceImpl.testConnection(SecureCrowdDirectoryServiceImpl.java:52) ~[stash-service-impl-3.2.0.jar:na]
	...
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home
	...

あるいは

2013-02-25 18:46:40,671 ERROR [http-bio-7990-exec-7] kahloun.foong 1126x118x1 jx9vwz 0:0:0:0:0:0:0:1%0 "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ]
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>
<html>
<head>
    <title>Forbidden (403)</title>
...
</head>
<body id="jira" class="aui-layout aui-style-default page-type-message">
<div id="page">
    <header id="header" role="banner">
        <nav class="global" role="navigation">
            <div class="primary">
                <h1 id="logo"><a href="/secure/MyJiraHome.jspa"><img src="/images/jira111x30.png" width="111" height="30" alt="Your Company JIRA" /></a></h1>
            </div>
        </nav>
    </header>
    <section id="content" role="main">
        <header><h1>Forbidden (403)</h1></header>
        <div class="content-container">
            <div class="content-body">
                <p>Encountered a <code>403 - Forbidden</code> error while loading this page.</p>
                <p><a href="/secure/MyJiraHome.jspa">JIRA home</a></p>
            </div>
        </div>
    </section>
</div>
</body>
</html>
	at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) ~[embedded-crowd-core-2.5.3-m1.jar:na]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_37]
...
Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>

原因

Stash server could not connect or access to JIRA server due to the following cause:

  1. JIRA does not include Stash server IP address in JIRA User Server settings
  2. JIRA has not whitelisted Stash server or IP address, despite both of them located within same server. 
  3. There is a proxy or firewall that blocks such access from Stash to JIRA.

ソリューション

  • Ensure that Stash server URL (or IP address) has been added to JIRA User Server or whitelist settings
  • Configure any proxy or firewall (rules blocking the access, NAT or PAT etc.) that might block such access. You might want to follow this method Configuring Web Proxy Support for Confluence ore review the rules in your firewall or even the logs to see if these packages are being dropped.

  • Try bypassing the proxy. For instance, if both JIRA and Stash are on the same server, use 127.0.0.1 to connect, instead. On JIRA User Server:

    • "Step 1: Set up JIRA to allow connections from Stash", item 5, configure the following IPs:

      127.0.0.1
      ::1
      your.hostname
    • "Step 2: Set up Stash to connect to JIRA", item 4, configure http://127.0.0.1:8080/jira on the "Server URL" settings.

    • Alternatively, use the IPs of Stash and JIRA if they have direct connection to each other through the network.

最終更新日 2018 年 11 月 2 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.