Application Link between Bitbucket Server and JIRA fails due to systems clock not being synchronized
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
Bitbucket Server Application Link throws this error when trying to connect to a JIRA instance:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
2014-09-17 12:49:42,672 ERROR [http-nio-7990-exec-3] ztaccardi @1M2JZ6Vx769x162x0 ap28qy 192.168.11.1 "GET /plugins/servlet/applinks/oauth/login-dance/authorize HTTP/1.1" c.a.a.c.a.oauth.OAuthApplinksServlet An error occurred when performing the oauth 'dance' for application link 'eCB JIRA (ea6bc4d5-d779-3527-ab7c-79e07567e5e8) https://ecb-collabralink.atlassian.net com.atlassian.applinks.application.jira.JiraApplicationTypeImpl@120536dd'
com.atlassian.applinks.core.auth.oauth.OAuthMessageProblemException: Failed to get token from service provider, problem was: 'timestamp_refused'
at com.atlassian.applinks.core.auth.oauth.OAuthTokenRetriever$1.handle(OAuthTokenRetriever.java:128) ~[applinks-plugin-4.2.4_1408643294000.jar:na]
at com.atlassian.sal.core.net.HttpClientRequest.executeAndReturn(HttpClientRequest.java:351) ~[HttpClientRequest.class:na]
at com.atlassian.applinks.core.auth.oauth.OAuthTokenRetriever.requestToken(OAuthTokenRetriever.java:139) ~[applinks-plugin-4.2.4_1408643294000.jar:na]
at com.atlassian.applinks.core.auth.oauth.OAuthTokenRetriever.getRequestToken(OAuthTokenRetriever.java:51) ~[applinks-plugin-4.2.4_1408643294000.jar:na]
at com.atlassian.applinks.core.auth.oauth.OAuthApplinksServlet.obtainAndAuthorizeRequestToken(OAuthApplinksServlet.java:304) ~[applinks-plugin-4.2.4_1408643294000.jar:na]
at com.atlassian.applinks.core.auth.oauth.OAuthApplinksServlet.doGet(OAuthApplinksServlet.java:164) ~[applinks-plugin-4.2.4_1408643294000.jar:na]
at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:25) [applinks-plugin-4.2.4_1408643294000.jar:na]
at com.atlassian.bitbucket.internal.spring.security.Bitbucket ServerAuthenticationFilter.doFilter(Bitbucket ServerAuthenticationFilter.java:86) [Bitbucket ServerAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:111) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:77) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:100) [TrustedApplicationsFilter.class:na]
at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:69) [atlassian-oauth-service-provider-plugin-1.9.2_1408643294000.jar:na]
at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:33) [analytics-client-3.40_1408643294000.jar:na]
at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31) [AbstractHttpFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:89) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) [BeforeLoginPluginAuthenticationFilter.class:na]
at com.atlassian.bitbucket.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:84) [DefaultRequestManager.class:na]
at com.hazelcast.web.WebFilter.doFilter(WebFilter.java:450) [WebFilter.class:3.3-RC3]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_51]
at java.lang.Thread.run(Thread.java:744) [na:1.7.0_51]
... 195 frames trimmed
2014-09-17 19:47:12,601 WARN [http-nio-80-exec-10] @1VBDOXx1187x72x0 10.84.141.252,165.254.226.135 "POST /plugins/servlet/oauth/request-token HTTP/1.0" c.a.o.s.i.s.RequestTokenServlet Rejecting OAuth request for url "http://appian.collabralink.com/plugins/servlet/oauth/request-token" due to invalid timestamp ({oauth_problem=timestamp_refused, oauth_acceptable_timestamps=1410997332600-1410997932600}). This is most likely due to our system clock not being synchronized with the consumer's clock.
Cause
Application Links fail when the clocks are not synced.
Resolution
Synchronise both applications with NTP. For example, while trying to connect a Bitbucket Server instance behind the firewall with a JIRA Cloud instance, executing the command below on Bitbucket Server to get it in sync resolved the issue for an installation on Ubuntu:
1
$ sudo ntpdate ntp.ubuntu.com
Was this helpful?