Unable to connect to JIRA for authentication - Forbidden 403

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When trying to integrate Bitbucket Server to JIRA for user management as described at Delegate user management to Jira, it fails with error 403, Forbidden.

Diagnosis

You see either of the following errors in atlassian-bitbucket.log:

2014-07-31 09:03:44,168 ERROR [http-bio-7990-exec-5] Csmarkus @1QMMOPRx543x995x0 8qk0ii 192.168.1.1 "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ] com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) ~[embedded-crowd-core-2.7.2.jar:na] at com.atlassian.bitbucket.internal.crowd.SecureCrowdDirectoryServiceImpl.testConnection(SecureCrowdDirectoryServiceImpl.java:52) ~[bitbucket-service-impl-3.2.0.jar:na] ... Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: Forbidden (403) Encountered a "403 - Forbidden" error while loading this page. Go to JIRA home ...

Or:

2013-02-25 18:46:40,671 ERROR [http-bio-7990-exec-7] kahloun.foong 1126x118x1 jx9vwz 0:0:0:0:0:0:0:1%0 "POST /plugins/servlet/embedded-crowd/configure/jira/ HTTP/1.1" c.a.c.e.a.ConfigurationController Configuration test failed for user directory: [ JIRA Server], type: [ CROWD ] com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html> <html> <head> <title>Forbidden (403)</title> ... </head> <body id="jira" class="aui-layout aui-style-default page-type-message"> <div id="page"> <header id="header" role="banner"> <nav class="global" role="navigation"> <div class="primary"> <h1 id="logo"><a href="/secure/MyJiraHome.jspa"><img src="/images/jira111x30.png" width="111" height="30" alt="Your Company JIRA" /></a></h1> </div> </nav> </header> <section id="content" role="main"> <header><h1>Forbidden (403)</h1></header> <div class="content-container"> <div class="content-body"> <p>Encountered a <code>403 - Forbidden</code> error while loading this page.</p> <p><a href="/secure/MyJiraHome.jspa">JIRA home</a></p> </div> </div> </section> </div> </body> </html> at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) ~[embedded-crowd-core-2.5.3-m1.jar:na] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_37] ... Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <!DOCTYPE html>

Cause

Bitbucket Server instance could not connect or access to JIRA server due to the following cause:

  1. JIRA does not include Bitbucket Server instance IP address in JIRA User Server settings.

  2. JIRA has not whitelisted Bitbucket Server instance or IP address, despite both of them being located within same server.

  3. There is a proxy or firewall that blocks such access from Bitbucket Server to JIRA.

Solution

  • Ensure that Bitbucket Server instance URL (or IP address) has been added to JIRA User Server or whitelist settings.

  • Configure any proxy or firewall (rules blocking the access, NAT or PAT etc.) that might block such access. You might want to follow this method Configuring Web Proxy Support for Confluence or review the rules in your firewall or even the logs to see if these packages are being dropped.

  • Try bypassing the proxy. For instance, if both JIRA and Bitbucket Server are on the same server, use 127.0.0.1 to connect, instead. On JIRA User Server:

    • "Step 1: Set up JIRA to allow connections from Bitbucket Server", item 5, configure the following IPs:

      127.0.0.1 ::1 your.hostname

    • "Step 2: Set up Bitbucket Server to connect to JIRA", item 4, configure http://127.0.0.1:8080/jira on the "Server URL" settings.

    • Alternatively, use the IPs of Bitbucket Server and JIRA if they have direct connection to each other through the network.

    • A wild card *.*.*.* can also be used which will match any IP that tries to connect to Jira. But, please aware that it allows to connect from any IP and this bypass the IP level check to ensure the right application is connecting to Jira.

Updated on June 27, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community