Can't create application link between Jira and Confluence due to the error "The supplied Application URL has redirected once"

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When trying to configure an application link between Jira and Confluence (or any other combination of 2 Atlassian Server/Data Center application), the following message is thrown in the UI while the user configuring the link is redirected from 1 application to the other:

1 The supplied Application URL has redirected once. Please check the redirected URL field to ensure this is a URL that you trust.

The screenshot below illustrates what is seen in the UI when the user trying to configure an application link between Jira and Confluence is supposed to be automatically redirected from Confluence to Jira but can't, because of the redirection error:

(Auto-migrated image: description temporarily unavailable)

Environment

  • Any combination of 2 Atlassian Server/Data Center application. For example: Jira 8.x with Conflunece 7.x.

  • At least one of the 2 applications is configured behind an Reverse Proxy server that comes with an SSO redirection feature (for example, Azure MFA)

Diagnosis

  • Enable the debugging package org.apache.http in Jira > ⚙ > System > Logging and profiling (or in Confluence > ⚙ > General Configuration > Logging and Profiling) and replicate the issue

  • When checking the logs from either Jira or Confluence you should see that, when 1 application is trying to fetch the manifest information from the other application via the end point /rest/applinks/3.0/applicationlinkForm/manifest.json, the application gets redirected to the Microsoft SSO login page, and therefore fails to fetch the manifest

    1 2 3 4 5 6 7 8 9 10 11 2021-11-05 16:09:18,835 DEBUG [http-nio-8090-exec-6 url: /rest/applinks/3.0/applicationlinkForm/manifest.json; user: testuser] [org.apache.http.wire] wire http-outgoing-4321 >> "GET /rest/applinks/1.0/manifest HTTP/1.1[\r][\n]" ... 2021-11-05 16:09:19,030 DEBUG [http-nio-8090-exec-6 url: /rest/applinks/3.0/applicationlinkForm/manifest.json; user: testuser] [org.apache.http.wire] wire http-outgoing-4321 << "Location: https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/authorize?response_type=code&client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&scope=openid&nonce=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&redirect_uri=https%3a%2f%2fjira.test.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fjira.test.com%5c%2frest%5c%2fapplinks%5c%2f1.0%5c%2fmanifest%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX%22%7d%23EndOfStateParam%23&client-request-id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX[\r][\n]" ... 2021-11-05 16:09:19,036 INFO [http-nio-8090-exec-6 url: /rest/applinks/3.0/applicationlinkForm/manifest.json; user: testuser] [applinks.core.manifest.AppLinksManifestDownloader] handle Manifest request got redirected to 'https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/authorize?response_type=code&client_id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&scope=openid&nonce=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX&redirect_uri=https%3a%2f%2fjira.test.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fjira.test.com%5c%2frest%5c%2fapplinks%5c%2f1.0%5c%2fmanifest%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%22XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX%22%7d%23EndOfStateParam%23&client-request-id=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'.

Cause

The reverse proxy that Jira (or Confluence) is configure with is automatically redirecting any rest API call to its login page. In the example above, Microsoft Azure is automatically redirecting any HTTP call made to Jira (including the REST API calls) to the Microsoft SSO page.

⚠️ Please note that this behavior only occurs when the SSO redirection is performed by the Proxy Server itself. If you configure Jira (or Confluence) to use SAML SSO via the Atlassian Native SSO functionality, the redirection issue will not occur. This is because the Atlassian Native SSO feature does not redirect REST API calls to the SSO login page out-of-the-box. Therefore, if you observe automatic redirection of API calls to the SSO login page, it is likely that it is caused by the reverse proxy that the Atlassian Application is configured with.

Solution

A few options:

  • Reach out to the Reverse Proxy server administrator (or Microsoft support if you are using Azure as a proxy) to see if the SSO redirection can be bypassed for any REST API calls made to the Atlassian application

  • Alternatively, you might consider configuring both Atlassian Applications with an outbound Proxy server, and ensure that any call coming from the outbound proxy server bypasses the SSO redirection on the Reverse Proxy server side (for example the Azure proxy server, in the example above)

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community