JIRA throws Application failed to authenticate error when configuring a Crowd User Directory

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Problem

When configuring JIRA to use Atlassian Crowd as a user directory and everything is already configured correctly (including credentials), JIRA still throws the following error in the UI

1 2 Connection test failed. Response from the server: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate

The following stack trace is thrown in atlassian-jira.log

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 2015-06-16 19:43:12,114 http-bio-8080-exec-3 ERROR admin 1183x1167x1 17i2lib 192.168.0.1,127.0.0.1 /plugins/servlet/embedded-crowd/configure/crowd/ [crowd.embedded.admin.ConfigurationController] Configuration test failed for user directory: [ Crowd Server], type: [ CROWD ] com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.testConnection(CrowdDirectoryServiceImpl.java:78) at sun.reflect.GeneratedMethodAccessor787.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at com.atlassian.plugin.osgi.hostcomponents.impl.DefaultComponentRegistrar$ContextClassLoaderSettingInvocationHandler.invoke(DefaultComponentRegistrar.java:134) at com.sun.proxy.$Proxy230.testConnection(Unknown Source) <+2> (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) ... Caused by: com.atlassian.crowd.exception.InvalidAuthenticationException: Application failed to authenticate at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.throwError(RestExecutor.java:643) at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andReceive(RestExecutor.java:485) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.searchUsers(RestCrowdClient.java:553) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.testConnection(RestCrowdClient.java:541) at com.atlassian.crowd.directory.RemoteCrowdDirectory.testConnection(RemoteCrowdDirectory.java:834) ... 217 more

Diagnosis

  • JIRA and/or Crowd is running behind a reverse proxy

  • The Server URL field when configuring the user directory in JIRA uses the proxied URL

  • When bypassing proxy by adding an additional HTTP connector and then using the unproxied URL in the Server URL field, connection works fine

  • The following RequestHeader unset Authorizationline has been added to the apache configuration page as per Troubleshooting Apache

1 2 3 4 5 6 <Location /jira> RequestHeader unset Authorization ProxyPreserveHost On ProxyPass http://jiraserver/jira ProxyPassReverse http://jiraserver/jira </Location>

Cause

The RequestHeader unset Authorization line added to the proxy configuration is the cause of a failed authentication from JIRA to Crowd.

Solution

Resolution

  1. Remove or comment that line out

    1 2 3 4 5 6 <Location /jira> # RequestHeader unset Authorization ProxyPreserveHost On ProxyPass http://jiraserver/jira ProxyPassReverse http://jiraserver/jira </Location>

  2. Restart the Apache service

Updated on April 2, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community