Bamboo Data Center login not working post Database refresh activity

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

This article covers a scenario where login to a UAT/Dev instance of Bamboo was not working post refreshing it's Database from Production. Following error was seen : You have entered an invalid username and password. Please try again

Environment

  • Bamboo version : 9.2.3

  • Crowd version : 6.1.3 

The issue was seen on the above 2 environment but the solution is applicable for any other supported environment as well

Diagnosis

  1. While trying to login to Bamboo using the users imported from Crowd, below error was seen on the Bamboo GUI

    (Auto-migrated image: description temporarily unavailable)

  2. In the atlassian-bamboo.log file we could see the below error

    1 2 2024-11-18 14:10:37,094 WARN [atlassian-scheduler-quartz2.local_Worker-2] [EventTokenChangedCacheRefresher] Could not update event token. com.atlassian.crowd.exception.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: HTTP Status 403 – ForbiddenType Status ReportMessage Client with address "1.2.3.4" is forbidden from making requests to the application, bamprod.Description The server understood the request but refuses to authorize it.

Cause

Bamboo stores all the user management data including the configuration of the directories in the Database. When a UAT Database is refreshed from Production it replaces all the data in the UAT Environment DB with that of Production, this includes the User management directories related configuration.

When you try to login to the UAT Instance of Bamboo, Bamboo will try to connect to the Crowd Instance of production as the configurations in the UAT environment is refreshed with production, as the Bamboo UAT instance does not have access to Crowd production Instance the login fails.

Solution

  1. The first step is to validate if there are any Bamboo Internal directory user which has Admin rights which can login to the Bamboo UAT instance, If there is a user please skip to step 3 else follow step 2

  2. Generate a recovery Admin user by following the steps at Lockout recovery process, using this admin user we'll fix the crowd configuration in Bamboo

  3. Login using the recovery Admin user created in step 2 and fix the crowd configuration in UAT Bamboo, for more details please refer Integrating Bamboo with Crowd

  4. Post step 3 goto <bamboo-install>/atlassian-bamboo/WEB-INF/classes/seraph-config.xmlfile and validate if SSO is disabled, please makes sure below authenticator is enabled and com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator is disabled

    1 2 3 4 <rolemapper class="com.atlassian.bamboo.user.authentication.BambooRoleMapper"/> <authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/> <controller class="com.atlassian.bamboo.user.authentication.BambooSecurityController"/> <elevatedsecurityguard class="com.atlassian.bamboo.user.authentication.BambooElevatedSecurityGuard"/>

  5. Restart Bamboo and check if login is working. Now you can try to recreate the SSO if you wish in the UAT environment.

Updated on March 13, 2025
Platform
Data Center only
Product
Bamboo Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community