1. Danut M [StonikByte] Avatar Danut M [StonikByte]
  2. Apps
  3. Great Gadgets Add-On
  4. Issues

⚡KNOWN ISSUE: App gadgets not working on Confluence Data Center when SSO is used

Issue #158 new
Danut M [StonikByte] repo owner created an issue

Symptoms

On Confluence Data Center with Single Sign-On (SSO), most of the app gadgets imported from Jira as external gadgets cannot be used in Confluence pages due to an error (401 - Unauthorized).

Diagnosis

This happens when Jira is configured to use SSOSeraphAuthenticator, which means that in the seraph-config.xml file located in Jira's WEB-INF/classes directory has this line uncommented:

<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>

The Jira log file contains errors like this:

2022-08-18 11:43:27,047+0200 pool-task-service-1-thread-13 ERROR W92326 703x120394x1 8ifbei 172.23.254.214,172.23.254.11 /plugins/servlet/stonikbyte/greatgadgets/aws [c.s.c.b.services.tasks.Task] Error executing task with key: http://127.0.0.1:8080AgileBoards : Received http error code 401. Access to /rest/agile/1.0/board is not authorized. The id of this error is: 1382949090049972
com.stonikbyte.connect.base.rest.client.exceptions.HttpRequestUnauthorizedException: Received http error code 401. Access to /rest/agile/1.0/board is not authorized. The id of this error is: 1382949090049972
    at com.stonikbyte.connect.base.rest.client.BaseJiraRestServiceProvider.evaluateResponse(BaseJiraRestServiceProvider.java:180)
    at com.stonikbyte.connect.base.rest.client.BaseJiraRestServiceProvider.checkHttpResponseCode(BaseJiraRestServiceProvider.java:334)
    at com.stonikbyte.connect.server.rest.client.JiraServerRestServiceProvider.readServiceResponse(JiraServerRestServiceProvider.java:252)
    at com.stonikbyte.connect.server.rest.client.JiraServerRestServiceProvider.readPaginatedResponseInternal(JiraServerRestServiceProvider.java:115)
    at com.stonikbyte.connect.server.rest.client.JiraServerRestServiceProvider.readPaginatedResponse(JiraServerRestServiceProvider.java:58)
    at com.stonikbyte.great.gadgets.common.services.impl.JiraRestServiceImpl.getAllAgileBoards(JiraRestServiceImpl.java:1284)
    at com.stonikbyte.great.gadgets.common.tasks.TaskGetAllAgileBoards.execute(TaskGetAllAgileBoards.java:36)
    at com.stonikbyte.connect.base.services.tasks.Task.run(Task.java:203)
    at com.stonikbyte.connect.base.services.tasks.ManagedExecutorService$MonitoredTask.run(ManagedExecutorService.java:198)
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)

Cause

These errors occur due to the fact that the gadgets fail to connect to Jira for retrieving the necessary data. This happens because the SSO specific info is not passes to Jira along with the request made by Confluence.

Workaround

A workaround is to configure Jira to use JiraSeraphAuthenticator instead of SSOSeraphAuthenticator. Based on our tests, this change fixes the error and the user logon is not impacted.

This can be done by editing the seraph-config.xml file from Jira's WEB-INF/classes directory.

First, comment this line...

<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>

… then, uncomment this line

<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>

Save the file. Repeat this on all Jira nodes.

Resolution

No resolution yet. A ticket (ECOHELP-1713) was open with Atlassian for making this to work with SSOSeraphAuthenticator in-place.

Comments (13)

  14. Log in to comment
Assignee
Type
bug
Priority
major
Status
new
Version
1.9.0
Votes
0
Watchers
1