⚡KNOWN ISSUE: App gadgets not working on Confluence Data Center when SSO is used
Symptoms
On Confluence Data Center with Single Sign-On (SSO), most of the app gadgets imported from Jira as external gadgets cannot be used in Confluence pages due to an error (401 - Unauthorized).
Diagnosis
This happens when Jira is configured to use SSOSeraphAuthenticator, which means that the seraph-config.xml file located in Jira's WEB-INF/classes directory has this line uncommented:
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
The Jira log file contains errors like this:
2022-08-18 11:43:27,047+0200 pool-task-service-1-thread-13 ERROR W92326 703x120394x1 8ifbei 172.23.254.214,172.23.254.11 /plugins/servlet/stonikbyte/greatgadgets/aws [c.s.c.b.services.tasks.Task] Error executing task with key: http://127.0.0.1:8080AgileBoards : Received http error code 401. Access to /rest/agile/1.0/board is not authorized. The id of this error is: 1382949090049972
com.stonikbyte.connect.base.rest.client.exceptions.HttpRequestUnauthorizedException: Received http error code 401. Access to /rest/agile/1.0/board is not authorized. The id of this error is: 1382949090049972
at com.stonikbyte.connect.base.rest.client.BaseJiraRestServiceProvider.evaluateResponse(BaseJiraRestServiceProvider.java:180)
at com.stonikbyte.connect.base.rest.client.BaseJiraRestServiceProvider.checkHttpResponseCode(BaseJiraRestServiceProvider.java:334)
at com.stonikbyte.connect.server.rest.client.JiraServerRestServiceProvider.readServiceResponse(JiraServerRestServiceProvider.java:252)
at com.stonikbyte.connect.server.rest.client.JiraServerRestServiceProvider.readPaginatedResponseInternal(JiraServerRestServiceProvider.java:115)
at com.stonikbyte.connect.server.rest.client.JiraServerRestServiceProvider.readPaginatedResponse(JiraServerRestServiceProvider.java:58)
at com.stonikbyte.great.gadgets.common.services.impl.JiraRestServiceImpl.getAllAgileBoards(JiraRestServiceImpl.java:1284)
at com.stonikbyte.great.gadgets.common.tasks.TaskGetAllAgileBoards.execute(TaskGetAllAgileBoards.java:36)
at com.stonikbyte.connect.base.services.tasks.Task.run(Task.java:203)
at com.stonikbyte.connect.base.services.tasks.ManagedExecutorService$MonitoredTask.run(ManagedExecutorService.java:198)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Cause
These errors occur because the gadgets fail to connect to Jira to retrieve the necessary data. This happens because the SSO-specific info is not passed to Jira along with the request made by Confluence.
Workaround
A workaround is to configure Jira to use JiraSeraphAuthenticator instead of SSOSeraphAuthenticator. Based on our tests, this change fixes the error and the user logon is not impacted.
This can be done by editing the seraph-config.xml file from Jira's WEB-INF/classes directory.
First, comment out this line...
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
… then, uncomment this line:
<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>
Save the file. Repeat this on all Jira nodes.
Resolution
No resolution yet. A ticket (ECOHELP-1713) was opened with Atlassian to make this work with SSOSeraphAuthenticator in place.
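Because the workaround has to be repeated by hand on every Jira node, the following added example (not part of the original issue or of the app's code) checks which authenticator is actually active in a node's seraph-config.xml and flags files where both lines, or neither, ended up uncommented. The sample XML is constructed and trimmed to the relevant element, and the script name and function names are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

PKG = "com.atlassian.jira.security.login."
SSO = PKG + "SSOSeraphAuthenticator"
JIRA = PKG + "JiraSeraphAuthenticator"

# Constructed, trimmed samples of seraph-config.xml (not from a real instance).
BEFORE = f"""<security-config>
    <authenticator class="{SSO}"/>
    <!-- <authenticator class="{JIRA}"/> -->
</security-config>"""
AFTER = f"""<security-config>
    <!-- <authenticator class="{SSO}"/> -->
    <authenticator class="{JIRA}"/>
</security-config>"""


def active_authenticators(xml_data):
    """Class names of <authenticator> elements that are not commented out.

    ElementTree drops XML comments while parsing, so a commented-out
    line never appears in the result.
    """
    root = ET.fromstring(xml_data)
    return [el.get("class") for el in root.iter("authenticator")]


def check_node(xml_data):
    """Classify one node's seraph-config.xml against the workaround."""
    active = active_authenticators(xml_data)
    if len(active) != 1:
        # Both lines active, or both commented out: a hand-editing slip.
        return f"invalid: {len(active)} active authenticators, expected 1"
    if active[0] == JIRA:
        return "ok: JiraSeraphAuthenticator active"
    if active[0] == SSO:
        return "pending: SSOSeraphAuthenticator still active"
    return f"unknown: {active[0]}"


if __name__ == "__main__":
    # Usage: python check_seraph.py <copy of seraph-config.xml per node> ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "->", check_node(fh.read()))
    if len(sys.argv) == 1:
        print("before ->", check_node(BEFORE))
        print("after  ->", check_node(AFTER))
```

Run it against a copy of the file from each node; any result other than "ok" means that node still needs the edit or was edited incorrectly.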