Details
- Bug
- Resolution: Fixed
- High
- 8.21.1
- 8.21
- 3
- Severity 2 - Major
- 18
Description
Issue Summary
The endpoint /rest/auth/1/session, when called with any user from an LDAP directory connected to Jira over SSL (LDAPS), throws a java.lang.ClassNotFoundException error.
- The issue does not occur with the same user when LDAP is connected without SSL (UseSSL unchecked).
- The local users work perfectly.
- This occurs only in 8.21.x.
Steps to Reproduce
- Set up LDAP with SSL
- Make sure you can log in to Jira with a user from the LDAPS
- Run the curl command:
curl -X POST https://docs.uat.flatex.com/jira/rest/auth/1/session -H 'content-type: application/json' -d '{ "username": "admin", "password": "admin" }' -v
Expected Results
To get the session details
* Connection #0 to host sunjira.com left intact
{"session":{"name":"JSESSIONID","value":"3800E103432ECD188C7823FEE6D2988C"},"loginInfo":{"failedLoginCount":3,"loginCount":11,"lastFailedLoginTime":"2021-04-06T08:53:08.262+0530","previousLoginTime":"2022-02-06"}}
Actual Results
Running the same curl command with an LDAPS user:
* upload completely sent off: 56 out of 56 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 401
< Date: Thu, 27 Jan 2022 12:34:47 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.0RC6
< Strict-Transport-Security: max-age=15768000
< X-AREQUESTID: 814x25790x1
< Referrer-Policy: strict-origin-when-cross-origin
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000
< X-AUSERNAME: anonymous
< WWW-Authenticate: JIRA REST POST
< Content-Security-Policy: sandbox
< Cache-Control: no-cache, no-store, no-transform
< WWW-Authenticate: OAuth realm="https%3A%2F%2Fsunjira.com%2Fjira"
< Content-Type: application/json;charset=UTF-8
< Set-Cookie: atlassian.xsrf.token=BO7B-ZCU5-U9NH-RB4D_362bce9b358ddad294792edf74a7d03fb6e6a81d_lout; Path=/jira; Secure
< Transfer-Encoding: chunked
<
* Connection #0 to host docs.uat.flatex.com left intact
{"errorMessages":["Login failed"],"errors":{}}jopl@jopl-dell-precision:~$
The following exception is written to the log file:
2022-02-01 15:41:09,253+0100 http-nio-8080-exec-24 ERROR anonymous 941x55094x1 - 10.40.152.102,10.40.66.77 /rest/auth/1/session [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'user1'.
com.atlassian.crowd.exception.runtime.OperationFailedException
    at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:676)
    at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:76)
    at com.atlassian.jira.security.login.JiraSeraphAuthenticator.authenticate(JiraSeraphAuthenticator.java:53)
    at com.atlassian.seraph.auth.DefaultAuthenticator.login(DefaultAuthenticator.java:97)
    at com.atlassian.seraph.filter.PasswordBasedLoginFilter.runAuthentication(PasswordBasedLoginFilter.java:133)
Caused by: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: 192.168.24.138:636; nested exception is javax.naming.CommunicationException: 192.168.24.138:636 [Root exception is java.lang.ClassNotFoundException: com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory]
Caused by: org.springframework.ldap.CommunicationException: 192.168.24.138:636; nested exception is javax.naming.CommunicationException: 192.168.24.138:636 [Root exception is java.lang.ClassNotFoundException: com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
    at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:174)
    at org.springframework.ldap.transaction.compensating.manager.ContextSourceTransactionManagerDelegate.getNewHolder(ContextSourceTransactionManagerDelegate.java:96)
    ... 323 more
Caused by: javax.naming.CommunicationException: 192.168.24.138:636 [Root exception is java.lang.ClassNotFoundException: com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory]
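The client only sees a 401 with "Login failed", while the log shows a server-side failure. As an added example (not part of the original report and not Atlassian code), this Python script scans Jira log text for JiraSeraphAuthenticator errors and reports each one's root exception, so entries with this signature can be told apart from other login failures. The sample log and the `kind` labels are constructed for illustration.

```python
import re

# Constructed sample modelled on the log excerpt in this report; hosts, users and
# the c.example.Other logger are made up for illustration.
SAMPLE_LOG = """\
2022-02-01 15:41:09,253+0100 http-nio-8080-exec-24 ERROR anonymous 941x55094x1 - 192.0.2.7 /rest/auth/1/session [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'user1'.
Caused by: javax.naming.CommunicationException: 192.0.2.10:636 [Root exception is java.lang.ClassNotFoundException: com.atlassian.crowd.directory.ssl.LdapHostnameVerificationSSLSocketFactory]
2022-02-01 15:42:00,001+0100 http-nio-8080-exec-3 INFO user2 942x55100x1 - 192.0.2.8 /secure/Dashboard.jspa [c.example.Other] unrelated line
2022-02-01 15:43:10,500+0100 http-nio-8080-exec-9 ERROR anonymous 943x55120x1 - 192.0.2.9 /rest/auth/1/session [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'user3'.
Caused by: javax.naming.CommunicationException: 192.0.2.10:636 [Root exception is java.net.ConnectException: Connection refused]
"""

TS = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}[+-]\d{4}")
AUTH_FAIL = re.compile(r"\[c\.a\.j\.security\.login\.JiraSeraphAuthenticator\] "
                       r"Error occurred while trying to authenticate user '([^']*)'")
ROOT = re.compile(r"\[Root exception is ([\w.$]+)(?:: ([^\]]*))?\]")

def entries(text):
    """Group a timestamped line with the stack-trace lines that follow it."""
    current = []
    for line in text.splitlines():
        if TS.match(line) and current:
            yield "\n".join(current)
            current = []
        current.append(line)
    if current:
        yield "\n".join(current)

def triage(text):
    """Return one finding per authenticator error, labelled by its root exception."""
    findings = []
    for entry in entries(text):
        user = AUTH_FAIL.search(entry)
        if not user:
            continue
        roots = ROOT.findall(entry)
        cls, detail = roots[-1] if roots else ("", "")
        kind = "other"
        if cls.endswith("ClassNotFoundException"):
            kind = "server-classloading"   # the signature reported on this page
        elif "javax.naming.CommunicationException" in entry:
            kind = "ldap-unreachable"      # directory connection failed for another reason
        ts = TS.match(entry)
        findings.append({"time": ts.group(0) if ts else "", "user": user.group(1),
                         "kind": kind, "root": cls, "detail": detail})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```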
Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available.