-
Bug
-
Resolution: Not a bug
-
Medium (View bug fix roadmap)
-
None
-
Unknown
-
Severity 3 - Minor
-
Problem
If JIRA/Stash with SSL connections are using an invalid hostname in the SSL certificate, workflow triggers will not work. Other functions of the application link integration appears to be working as expected.
Summary
- Configure JIRA and Stash with SSL in Tomcat(using SSL certificate with an invalid hostname)
Sample Connector from server.xml file used for both JIRA and Stash with the only difference being listening ports:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true" keyAlias="jira639" keystoreFile="<jira-home>jira.jks" keystorePass="changeit" keystoreType="JKS"/>
Tests via Applinks Diagnostics plugin all come back successful.
- Go to workflow in JIRA and when adding a workflow trigger you'll see a message telling you 'JIRA is not able to communicate with Stash':
It is possible to still add the trigger, however tests reveal that it does not work as message in the diagnostic above indicates.
Verifiy
- Please see Development Panel missing and Workflow triggers not working to confirm whether you are using a valid SSL certificate.
- is related to
-
-
- Closed
-
- derives
-
FUSE-2091 Failed to load
- is caused by
-
APLDEV-279 Failed to load
- mentioned in
-
Page
Failed to load
-
Page
Failed to load
-
Page Loading...
-
-
-
- relates to
-
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSWSERVER-14892] Workflow Triggers not working with Tomcat over SSL when certificate contains invalid hostname
Closing this bug as we have only been able to reproduce this using a SSL certificate with an invalid hostname in Stash or JIRA side.
Michael Bellomo
added a comment - Images @Matthew
From Stash:
-on pull requests I can see the linked JIRA tickets and follow the links
-on pull requests I can see the bamboo build status (green check) - I know this is bamboo, not JIRA, but trying to illustrate that we have successfully linked apps
From JIRA:
-I can create stash branches via "Create branch" link
-I can see the number of commits made, and the date
-I can see that there is a pull request and it's status
-I can see bamboo builds, as well as the green check indicating status (again, I know this is bamboo)
-I do not even have a "source" tab in JIRA...I thought we used to but forget
Attaching some screenshots of what I see.
Also, we actually have a support ticket open, and they said this is a known issue and pointed us at this ticket (JRA-41236). Here's the quote from support:
“Initially I was puzzled to why your trigger doesn't work properly. So I've spent some time digging through a couple of JIRA cases as well and based on your situation, it looks it you've hit a known bug in JIRA and not Stash JRA-41236. This is actually a problem with JIRA where it does not trigger the transition over SSL due to limited workflow trigger configuration”
Michael Bellomo
added a comment - - edited @Matthew
From Stash:
-on pull requests I can see the linked JIRA tickets and follow the links
-on pull requests I can see the bamboo build status (green check) - I know this is bamboo, not JIRA, but trying to illustrate that we have successfully linked apps
From JIRA:
-I can create stash branches via "Create branch" link
-I can see the number of commits made, and the date
-I can see that there is a pull request and it's status
-I can see bamboo builds, as well as the green check indicating status (again, I know this is bamboo)
-I do not even have a "source" tab in JIRA...I thought we used to but forget
Attaching some screenshots of what I see.
Also, we actually have a support ticket open, and they said this is a known issue and pointed us at this ticket ( JRA-41236 ). Here's the quote from support:
Support wrote
“Initially I was puzzled to why your trigger doesn't work properly. So I've spent some time digging through a couple of JIRA cases as well and based on your situation, it looks it you've hit a known bug in JIRA and not Stash JRA-41236 . This is actually a problem with JIRA where it does not trigger the transition over SSL due to limited workflow trigger configuration”
For others watching this issue, it is important to check that both the Stash or FishEye instance and the JIRA instance have their application links configured correctly in both directions and from both ends as detailed in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Code+Development+Tools and following the instructions in the description of this issue.
Please note there are existing issues if you are using SNI in your tomcat (or Apache) configuration (JRA-24515, STASH-2970).
mgimbl - It may be best if you open a support ticket with us at https://support.atlassian.com. There are a few things they will need to know:
- Do you have more than 1 Stash instance or a FishEye instance or a Bitbucket/Github connected to your JIRA and if so what versions are the FishEye and Stash instances?
- If you have FishEye connected, are you scanning the same source code that you have in Stash?
- Do you see your Stash commits in the development panel when you click "commits" as well as in the source tab?
For the source tab to appear, it normally means that one of your connected dev-tools (Stash or FishEye) is not capable of working with the development panel. The tab will however, show all the commits from all connected FishEye and Stash instances whether they work with the development panel or not.
It is strange that your dev-tools admin page shows no warnings yet when you add a trigger it says it can't connect. The trigger check tht it can work is more exhaustive than warnings in the admin page - it checks that not only can JIRA talk to the Stash instance, but Stash can talk to JIRA - it is important that you have your applinks configured correctly in both directions and from both sides as detailed in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Code+Development+Tools
Thanks,
Matt Watson (Integration Development Manager)
michael.bellomo, could you elaborate on which parts of your Stash integration work? Creating a branch in Stash from JIRA should be the last thing to break as in practice, it's only a redirect, so only requires JIRA to know about Stash, whereas other features such as commits, branches and PRs appearing in the development panel, or the source tab appearing at the bottom of the issue, or JIRA issues being able to be viewed in Stash, all require more correct connections. If you can let us know which of the above are working and which aren't, it'll help us in diagnosing the problem (it may be that opening a support ticket at https://support.atlassian.com and getting a support engineer's help is a better approach), thanks, Matt Watson (Integration Development Manager)
Issue happening in 6.4.1. Stash commits show up in source tab and the development panel shows up (create branches and view commits in Jira) and Jira issue information shows up in Stash with the commit. However, when trying to add a workflow trigger, we experience the issue of "Jira is not able to communicate with Stash"
Note: our Developer Tools page in project overview does not have any warnings
matthew gimbl
added a comment - - edited Issue happening in 6.4.1. Stash commits show up in source tab and the development panel shows up (create branches and view commits in Jira) and Jira issue information shows up in Stash with the commit. However, when trying to add a workflow trigger, we experience the issue of "Jira is not able to communicate with Stash"
Note: our Developer Tools page in project overview does not have any warnings This is happening on version 6.3.15 as well for us. The interesting part is that we can create branches from JIRA in Stash, it's only the workflow triggers that do not work.
Michael Bellomo
added a comment - - edited This is happening on version 6.3.15 as well for us. The interesting part is that we can create branches from JIRA in Stash, it's only the workflow triggers that do not work.
Hi chasberndt, it might be best then if you open a support ticket at https://suport.atlassian.com so we can get the full details to diagnose the problem,
Thanks,
Matt Watson