-
Bug
-
Resolution: Fixed
-
Low
-
None
-
8.0.4, 8.1.4, 8.2.3, 7.21.5, 8.3.2, 8.4.1, 8.5.0
-
None
-
2
-
Severity 3 - Minor
-
10
-
Issue Summary
The document Connect Bitbucket to Crowd is missing the requirements to have Allow to generate user tokens enabled in Crowd in order to use HTTP access tokens.
Steps to Reproduce
- Configure the Bitbucket integration with Crowd according to the current version of the document.
- Configure legacy Crowd SSO in Bitbucket
Expected Results
The option Allow to generate user tokens is mentioned on the page and links to Crowd documentation Allowing applications to create user tokens.
Actual Results
When the user is trying to use Crowd without Allow to generate user tokens enabled it fails.
The below exception is thrown in the atlassian-bitbucket.log file:
2022-10-07 09:21:26,330 DEBUG [https-jsse-nio-8443-exec-12] @EXM9C4x561x86710x0 195.56.119.209,172.41.6.22 "GET /rest/api/1.0/projects/AWS HTTP/1.1" c.a.b.i.c.s.CrowdSsoAuthenticationHandler Error while authenticating for Crowd SSO com.atlassian.crowd.exception.InvalidAuthenticationException: Account with name <myuser> failed to authenticate at com.atlassian.crowd.exception.InvalidAuthenticationException.newInstanceWithName(InvalidAuthenticationException.java:45) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.handleInvalidUserAuthentication(RestCrowdClient.java:1112) at com.atlassian.crowd.integration.rest.service.RestCrowdClient.authenticateSSOUserWithoutValidatingPassword(RestCrowdClient.java:890) at com.atlassian.crowd.integration.http.CrowdHttpAuthenticatorImpl.authenticateWithoutValidatingPassword(CrowdHttpAuthenticatorImpl.java:94) at com.atlassian.bitbucket.internal.crowd.sso.CrowdSsoAuthenticationHandler.onAuthenticationSuccess(CrowdSsoAuthenticationHandler.java:184) at com.atlassian.stash.internal.auth.PluginHttpAuthenticationSuccessHandler.onAuthenticationSuccess(PluginHttpAuthenticationSuccessHandler.java:47) at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.onSuccess(StashAuthenticationFilter.java:212) at com.atlassian.stash.internal.spring.security.StashAuthenticationFilter.doFilter(StashAuthenticationFilter.java:100) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doInsideSpringSecurityChain(BeforeLoginPluginAuthenticationFilter.java:112) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:75) at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:94) at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:67) at com.atlassian.oauth2.provider.core.web.AccessTokenFilter.lambda$doFilter$0(AccessTokenFilter.java:74) at com.atlassian.oauth2.scopes.request.DefaultScopesRequestCache.doWithScopes(DefaultScopesRequestCache.java:34) at jdk.internal.reflect.GeneratedMethodAccessor585.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56) at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invokeUnprivileged(ServiceTCCLInterceptor.java:70) at org.eclipse.gemini.blueprint.service.util.internal.aop.ServiceTCCLInterceptor.invoke(ServiceTCCLInterceptor.java:53) at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57) at com.atlassian.oauth2.provider.core.web.AccessTokenFilter.doFilter(AccessTokenFilter.java:71) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.plugin.connect.plugin.auth.oauth2.DefaultSalAuthenticationFilter.doFilter(DefaultSalAuthenticationFilter.java:69) at com.atlassian.plugin.connect.plugin.auth.user.ThreeLeggedAuthFilter.doFilter(ThreeLeggedAuthFilter.java:109) at com.atlassian.plugins.authentication.impl.basicauth.filter.DisableBasicAuthFilter.doFilter(DisableBasicAuthFilter.java:70) at com.atlassian.jwt.internal.servlet.JwtAuthFilter.doFilter(JwtAuthFilter.java:37) at com.atlassian.analytics.client.filter.DefaultAnalyticsFilter.doFilter(DefaultAnalyticsFilter.java:26) at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:33) at com.atlassian.troubleshooting.thready.filter.AbstractThreadNamingFilter.doFilter(AbstractThreadNamingFilter.java:46) at com.atlassian.stash.internal.spring.lifecycle.LifecycleJohnsonServletFilterModuleContainerFilter.doFilter(LifecycleJohnsonServletFilterModuleContainerFilter.java:42) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doBeforeBeforeLoginFilters(BeforeLoginPluginAuthenticationFilter.java:90) at com.atlassian.stash.internal.web.auth.BeforeLoginPluginAuthenticationFilter.doFilter(BeforeLoginPluginAuthenticationFilter.java:73) at com.atlassian.stash.internal.request.DefaultRequestManager.doAsRequest(DefaultRequestManager.java:84) at com.atlassian.stash.internal.hazelcast.ConfigurableWebFilter.doFilter(ConfigurableWebFilter.java:38) at java.base/java.lang.Thread.run(Thread.java:829) ... 157 frames trimmed
Workaround
Documentation bug - no workaround required.