Unable to update LDAP directory or add a new LDAP directory java.lang.SecurityException: JCE cannot authenticate the provider BC
Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Unable to update user directories or add a new directory. It throws a 500 error with the following stack trace:
http-nio-8080-exec-4 ERROR admin 619x144x1 1squ2zt xxxx.xxxx.xxxx.xxxx xxxx.xxxx.xxxx.xxxx /plugins/servlet/embedded-crowd/configure/ldap/ [c.a.d.c.p.ciphers.algorithm.AlgorithmCipher] Exception thrown when encrypting: EncryptionParameters{plainTextPassword='<SANITIZED>', algorithm='AES/CBC/PKCS5Padding', algorithmKey='AES', algorithmParametersFilePath='null', keyFilePath='/jira/home_jira/keys/javax.crypto.spec.SecretKeySpec_1635793850314', outputFilesBasePath='/jira/home_jira/keys/', saveAlgorithmParametersToSeparateFile='false', saveSealedObjectToSeparateFile='false'}
java.lang.SecurityException: JCE cannot authenticate the provider BC
at javax.crypto.Cipher.getInstance(Cipher.java:656)
at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.encrypt(AlgorithmCipher.java:182)
at com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher.encrypt(AlgorithmCipher.java:114)
at com.atlassian.crowd.crypto.ClusterAwareCipherWrapper.encrypt(ClusterAwareCipherWrapper.java:48)
at com.atlassian.crowd.crypto.DbConfigPasswordCipherEncryptor.doEncrypt(DbConfigPasswordCipherEncryptor.java:87)
at com.atlassian.crowd.crypto.DbConfigPasswordCipherEncryptor.encrypt(DbConfigPasswordCipherEncryptor.java:52)
at com.atlassian.jira.crowd.embedded.encryptors.MissingKeyLoggerEncryptor.encrypt(MissingKeyLoggerEncryptor.java:26)
at com.atlassian.crowd.crypto.CachedEncryptor.lambda$new$0(CachedEncryptor.java:38)
at com.atlassian.crowd.crypto.CachedEncryptor$1.load(CachedEncryptor.java:57)
at com.atlassian.crowd.crypto.CachedEncryptor$1.load(CachedEncryptor.java:53)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3974)
at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4958)
at com.google.common.cache.LocalCache$LocalLoadingCache.getUnchecked(LocalCache.java:4964)
at com.atlassian.crowd.crypto.CachedEncryptor.get(CachedEncryptor.java:82)
at com.atlassian.crowd.crypto.CachedEncryptor.encrypt(CachedEncryptor.java:67)
at com.atlassian.crowd.crypto.SaltingEncryptor.encrypt(SaltingEncryptor.java:28)
at com.atlassian.crowd.crypto.MissingKeyHandlingEncryptor.encrypt(MissingKeyHandlingEncryptor.java:21)
at com.atlassian.crowd.crypto.PrefixBasedSwitchableEncryptor.encrypt(PrefixBasedSwitchableEncryptor.java:45)
at com.atlassian.crowd.crypto.ClusterLockingEncryptor.lambda$encrypt$1(ClusterLockingEncryptor.java:27)
at com.atlassian.crowd.lock.ClusterLockWrapper.run(ClusterLockWrapper.java:43)
at com.atlassian.crowd.crypto.ClusterLockingEncryptor.encrypt(ClusterLockingEncryptor.java:27)
at com.atlassian.jira.crowd.embedded.encryptors.JiraEncryptor.encrypt(JiraEncryptor.java:35)
at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.lambda$extractFromDelegateAndTransform$1(LazyAttributesEvaluationDirectory.java:77)
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4876)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3528)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2277)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2154)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2044)
at com.google.common.cache.LocalCache.get(LocalCache.java:3952)
at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4871)
at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.getValue(LazyAttributesEvaluationDirectory.java:53)
at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.lambda$getAttributes$0(LazyAttributesEvaluationDirectory.java:66)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
at com.atlassian.crowd.directory.LazyAttributesEvaluationDirectory.getAttributes(LazyAttributesEvaluationDirectory.java:66)
at com.atlassian.crowd.model.directory.DirectoryImpl.<init>(DirectoryImpl.java:108)
at com.atlassian.jira.crowd.embedded.ofbiz.OfBizDirectoryDao.update(OfBizDirectoryDao.java:180)
at com.atlassian.crowd.crypto.EncryptingDirectoryDAO.update(EncryptingDirectoryDAO.java:57)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.updateDirectory(DirectoryManagerGeneric.java:192)
at com.atlassian.crowd.embedded.core.CrowdDirectoryServiceImpl.updateDirectory(CrowdDirectoryServiceImpl.java:129)
... 3 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26)
at com.sun.proxy.$Proxy318.updateDirectory(Unknown Source)
... 3 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:136)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:124)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70)
at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:136)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:124)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy1514.updateDirectory(Unknown Source)
at com.atlassian.crowd.embedded.admin.ConfigurationController$2.doInTransaction(ConfigurationController.java:258)
at com.atlassian.crowd.embedded.admin.ConfigurationController$2.doInTransaction(ConfigurationController.java:250)
at com.atlassian.sal.core.transaction.HostContextTransactionTemplate$1.doInTransaction(HostContextTransactionTemplate.java:21)
at com.atlassian.jira.DefaultHostContextAccessor.doInTransaction(DefaultHostContextAccessor.java:50)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.util.ContextClassLoaderSettingInvocationHandler.invoke(ContextClassLoaderSettingInvocationHandler.java:26)
at com.sun.proxy.$Proxy608.doInTransaction(Unknown Source)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at com.atlassian.plugin.osgi.bridge.external.HostComponentFactoryBean$DynamicServiceInvocationHandler.invoke(HostComponentFactoryBean.java:130)
at com.sun.proxy.$Proxy608.doInTransaction(Unknown Source)
at com.atlassian.sal.core.transaction.HostContextTransactionTemplate.execute(HostContextTransactionTemplate.java:18)
... 2 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:136)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:124)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70)
at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:136)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:124)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:212)
at com.sun.proxy.$Proxy1490.execute(Unknown Source)
at com.atlassian.crowd.embedded.admin.ConfigurationController.saveDirectory(ConfigurationController.java:250)
at com.atlassian.crowd.embedded.admin.ConfigurationController.handleSubmit(ConfigurationController.java:155)
at com.atlassian.crowd.embedded.admin.ldap.LdapConfigurationController.onSubmit(LdapConfigurationController.java:87)
... 3 filtered
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:652)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:47)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
... 44 filtered
at com.atlassian.servicedesk.internal.web.ExternalCustomerLockoutFilter.doFilter(ExternalCustomerLockoutFilter.java:55)
... 8 filtered
at com.atlassian.jira.plugin.mobile.web.filter.MobileAppRequestFilter.doFilter(MobileAppRequestFilter.java:59)
... 4 filtered
at com.atlassian.jira.plugin.mobile.login.MobileLoginSuccessFilter.doFilter(MobileLoginSuccessFilter.java:54)
... 3 filtered
at com.atlassian.diagnostics.internal.platform.monitor.http.HttpRequestMonitoringFilter.doFilter(HttpRequestMonitoringFilter.java:55)
... 8 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 48 filtered
at com.atlassian.plugins.slack.analytics.SlackAnalyticsFilter.doFilter(SlackAnalyticsFilter.java:35)
... 3 filtered
at com.atlassian.troubleshooting.thready.filter.AbstractThreadNamingFilter.doFilter(AbstractThreadNamingFilter.java:46)
... 17 filtered
at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
... 1 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
... 16 filtered
at com.atlassian.pats.web.filter.TokenBasedAuthenticationFilter.doFilter(TokenBasedAuthenticationFilter.java:83)
... 23 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 5 filtered
at com.valiantys.jira.plugins.sql.service.servletcontext.ContextListenerServletFilter.doFilter(ContextListenerServletFilter.java:24)
... 3 filtered
at com.atlassian.plugins.authentication.impl.basicauth.filter.DisableBasicAuthFilter.doFilter(DisableBasicAuthFilter.java:70)
... 3 filtered
at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.lambda$invokeFilterChain$0(CustomerContextSettingFilter.java:215)
at com.atlassian.servicedesk.internal.api.util.context.ReentrantThreadLocalBasedCodeContext.rteInvoke(ReentrantThreadLocalBasedCodeContext.java:136)
at com.atlassian.servicedesk.internal.api.util.context.ReentrantThreadLocalBasedCodeContext.runOutOfContext(ReentrantThreadLocalBasedCodeContext.java:89)
at com.atlassian.servicedesk.internal.utils.context.CustomerContextServiceImpl.runOutOfCustomerContext(CustomerContextServiceImpl.java:47)
at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.outOfCustomerContext(CustomerContextSettingFilter.java:206)
at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.doFilterImpl(CustomerContextSettingFilter.java:134)
at com.atlassian.servicedesk.internal.web.CustomerContextSettingFilter.doFilter(CustomerContextSettingFilter.java:123)
... 9 filtered
at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:37)
... 3 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.troubleshooting.thready.filter.AbstractThreadNamingFilter.doFilter(AbstractThreadNamingFilter.java:46)
... 3 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 29 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 25 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.util.jar.JarException: file:/srv/jira/jira-8201/atlassian-jira/WEB-INF/lib/bcprov-jdk15on-1.68.jar is not signed by a trusted signer.
at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:540)
at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:363)
at javax.crypto.JarVerifier.verify(JarVerifier.java:289)
at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)
at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)
... 425 moreEnvironment
Jira 8.20.1
Java JDK 1.8.0_201
Diagnosis
Java JRE currently in use is JDK 1.8.0_201:
<java.home>/opt/appsrv/jdk1.8.0_201/jre</java.home>
Cause
It happens to be an issue while using the /javax.crypto.spec.SecretKeySpec_1635793850314 cipher to encrypt the LDAP password in the database. It looks like a Java problem, as it seems the current JRE is unable to trust the jar
Solution
Switch to Java 11 (AdoptOpenJDK 11.0.11+9)
Updated on September 26, 2025
Was this helpful?
Still need help?
The Atlassian Community is here for you.