Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-78763

Authentication failure through forward proxy with authentication enabled while creating an outgoing OAuth2 application link

XMLWordPrintable

      Issue Summary

      Jira fails to establish connection to any external system through forward proxy with authentication enabled causing failure in configuration of Oauth application link and email server

      Steps to Reproduce

      1. Configure a forward proxy using basic proxy authentication: eg: tinyproxy
      2. Configure JIRA to use a authenticated forward proxy using following start up options: 
        -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8888 -Dhttp.proxyUser=user -Dhttp.proxyPassword=pass -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8888 -Dhttps.proxyUser=user -Dhttps.proxyPassword=pass  -Djdk.http.auth.tunneling.disabledSchemes

            3. Attempt to create an application link to external Email server and test connection, it would fail with error as shown under Actual Results "Test Connection fails" 
            4. Proceed to add a mail server using above broken application link and as result, it would display the error "HTTP/1.0 407 Proxy Authentication Required"

       

      Expected Results

      Jira should be able to connect to external system through authentication enabled forward proxy

      Actual Results

      Test Connection fails 

      The below exception is thrown in the atlassian-jira.log file:

      2025-04-22 16:09:43,937+0000 http-nio-8080-exec-4 url: /jira/rest/oauth2-client/latest/config/flow/cdffc5a8-2c86-4470-a7b9-e3a71944207e; user: admin ERROR admin 969x1007x2 p92afp 172.29.217.172,172.50.0.2 /rest/oauth2-client/latest/config/flow/cdffc5a8-2c86-4470-a7b9-e3a71944207e [c.a.o.c.rest.resource.ClientConfigurationResource] Error occurred while authorizing an integration. The error message is: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"

      HTTP/1.0 407 Proxy Authentication Required in UI while attempting to mail server.

       

      Workaround

      Discuss with the network team one of the following options:

      • Disable proxy authentication
      • Configure a transparent proxy, which wouldn't require any configuration on the JVM level
      • Configure a local unauthenticated proxy that would pass requests to the upstream proxy (authenticated)

        1. image-2025-04-23-12-24-37-485.png
          image-2025-04-23-12-24-37-485.png
          140 kB
        2. image-2025-04-23-12-37-19-938.png
          image-2025-04-23-12-37-19-938.png
          67 kB

              mmarzecki Mateusz Marzęcki
              1ece1773342d Sandip Shrivastava
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: