JIRA applications is unable to connect to crowd due to application failing to authenticate
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
When attempting any of the following actions, the JIRA application throws the below exception in the logs.
Log in to the JIRA application.
Synchronise the User Directory with Crowd.
The following appears in the atlassian-jira.log:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
2012-10-29 06:44:58,504 QuartzWorker-1 WARN [directory.ldap.cache.EventTokenChangedCacheRefresher] Could not update event token.
com.atlassian.crowd.exception.OperationFailedException: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate
at com.atlassian.crowd.directory.RemoteCrowdDirectory.getCurrentEventToken(RemoteCrowdDirectory.java:657)
at com.atlassian.crowd.directory.ldap.cache.EventTokenChangedCacheRefresher.synchroniseAll(EventTokenChangedCacheRefresher.java:45)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.synchroniseCache(DbCachingRemoteDirectory.java:619)
at com.atlassian.crowd.manager.directory.DirectorySynchroniserImpl.synchronise(DirectorySynchroniserImpl.java:63)
at com.atlassian.crowd.directory.DbCachingDirectoryPoller.pollChanges(DbCachingDirectoryPoller.java:50)
at com.atlassian.crowd.manager.directory.monitor.poller.DirectoryPollerJob.execute(DirectoryPollerJob.java:34)
at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
at com.atlassian.multitenant.quartz.MultiTenantThreadPool$MultiTenantRunnable.run(MultiTenantThreadPool.java:72)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)
Caused by: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate
at com.atlassian.crowd.integration.rest.service.RestExecutor.throwError(RestExecutor.java:462)
at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:312)
at com.atlassian.crowd.integration.rest.service.RestCrowdClient.getCurrentEventToken(RestCrowdClient.java:944)
at com.atlassian.crowd.directory.RemoteCrowdDirectory.getCurrentEventToken(RemoteCrowdDirectory.java:651)
... 8 moreCause
The Application restrictions on the Crowd server (such as the IP address/block or password) are not being met by the JIRA server applications. This could be caused by a server migration if the IP on the new box is different or the application password has been changed within Crowd and is incorrect within JIRA applications.
Resolution
Verify that the IP of the JIRA server application are within the IP range as specified in the Applications Remote Addresses, as in Specifying an Application's Address or Hostname.
Check that the correct password is set within the Crowd User Directory, as in Connecting to Crowd or Another JIRA server application for User Management.
If JIRA is setup to use SSO with Crowd, then you'll want to ensure that the crowd.properties file contains the correct access information: Integrating Crowd with Atlassian Jira
If using SSO it's also possible special characters can break the application authentication to Crowd as described in CWD-4356 - Special Characters in application password will break SSO authentication
ℹ️
If the JIRA server applications cannot be accessed as users cannot log in, access can be restored as in our
Retrieving the JIRA Administrator
documentation.
Was this helpful?