-
Bug
-
Resolution: Not a bug
-
Low (View bug fix roadmap)
-
None
-
Unknown
-
Severity 3 - Minor
-
Sometimes, when establishing applinks between JIRA and Stash using OAuth and disabling user impersonation, the application link fails with the following message in JIRA logs:
2014-06-10 20:50:07,143 StreamsCompletionService::thread-14 WARN admin 1250x464x3 htcrst 127.0.0.1 /plugins/servlet/streams [apache.commons.httpclient.HttpMethodDirector]
Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Flocalhost%3A7990%2Fstash", oauth_token="", oauth_consumer_key="jira%3Acd66d2ec-86a3-4f3f-a70f-03718e2afa86", oauth_signature_method="RSA-SHA1", oauth_timestamp="1402404607", oauth_nonce="24587940252542", oauth_version="1.0", oauth_signature="QBNVrsQn5DyL70O09jYZ9fX5Izl6UPBwp%2F8JXL3UxcaHWEmMsrAh2gc%2BfJRWp5b9CI8vS2wgv%2FTNYtBJlfxZj0ijGRSwPE3vq%2B28SLktp4dA0PKNpa%2BuND0RsxeeyWUJKxGQBeLgtAI%2FHVIphl7fS%2BB2Sp8tuMZBcbDtU1X5T6o%3D"}
And the following in Stash logs:
2014-06-10 20:50:44,704 WARN [http-bio-7990-exec-5] admin 1250x179x0 16b7q5o 127.0.0.1 "GET /rest/jira-integration/latest/issues HTTP/1.1" o.a.c.httpclient.HttpMethodDirector Unable to respond to any of these challenges: {oauth=OAuth realm="http%3A%2F%2Flocalhost%3A8075%2Fjira", oauth_token="", oauth_consumer_key="Stash%3A3302494873", oauth_signature_method="RSA-SHA1", oauth_timestamp="1402404644", oauth_nonce="24625460778834", oauth_version="1.0", oauth_signature="k1a%2Fe3NxLJFpSAMdM%2F5FNgHRD0wG62Wuq8xKZvFi4bP6i5r4P%2BLFodc8Ma9lt7z9eUK8KnfeITnjOXJStregPFFOLGAKb6Tkayzjfwu2D1wPSzSTkCuBk7Ja1R3tHTwyOHay5x2U2LHrAki2HMpFm%2Fs8vxrjMMyyDFvmJ8HnCoQ%3D"}
2014-06-10 20:50:44,714 WARN [http-bio-7990-exec-5] admin 1250x179x0 16b7q5o 127.0.0.1 "GET /rest/jira-integration/latest/issues HTTP/1.1" c.a.i.i.jira.DefaultJiraService Problem communicating with JIRA
java.io.EOFException: No content to map to Object due to end of input
at org.codehaus.jackson.map.ObjectReader._initForReading(ObjectReader.java:640) ~[atlassian-rest-module-2.9.5_1393789126000.jar:1.9.13]
at org.codehaus.jackson.map.ObjectReader._bindAndClose(ObjectReader.java:562) ~[atlassian-rest-module-2.9.5_1393789126000.jar:1.9.13]
at org.codehaus.jackson.map.ObjectReader.readValue(ObjectReader.java:333) ~[atlassian-rest-module-2.9.5_1393789126000.jar:1.9.13]
at com.atlassian.internal.integration.jira.DefaultJiraService$JiraResponseHandler.filter(DefaultJiraService.java:977) [jira-integration-plugin-1.5.7_1395330838000.jar:na]
at com.atlassian.internal.integration.jira.DefaultJiraService$JiraResponseHandler.handle(DefaultJiraService.java:965) [jira-integration-plugin-1.5.7_1395330838000.jar:na]
at com.atlassian.internal.integration.jira.DefaultJiraService$JiraResponseHandler.handle(DefaultJiraService.java:934) [jira-integration-plugin-1.5.7_1395330838000.jar:na]
at com.atlassian.applinks.core.auth.oauth.OAuthApplinksResponseHandler.handle(OAuthApplinksResponseHandler.java:61) [applinks-plugin-4.1.1_1389424034000.jar:na]
at com.atlassian.applinks.core.auth.ApplicationLinkRequestAdaptor$1.handle(ApplicationLinkRequestAdaptor.java:87) [applinks-plugin-4.1.1_1389424034000.jar:na]
Steps to reproduce (not 100% reproducible, but it CAN happen randomly):
- Install JIRA and Stash.
- Establish applinks using OAuth and disable user impersonation.
Expected behavior:
- Applinks established successfully.
Actual behavior:
- Approving tokens in JIRA fails, e.g. the token was never generated.
- Approving tokens in Stash fails as well.
Solution
- Make sure that if "impersonation" is enabled in the outgoing authentication on one side of the link, the other side has it enabled in its incoming authentication
- If affected by https://ecosystem.atlassian.net/browse/APL-1151, then simply delete and recreate the link. You may need to delete the link separately on each side before recreating it.
- is related to
-
APL-1225 Updating 2LO and 2LOi flags on incoming authentication does not update corresponding outgoing authentication on opposite site of link and vice versa
- Done
- mentioned in
-
![[Atlassian Documentation] Page](/images/icons/generic_link_16.png "[Atlassian Documentation] Page")
Page
No Confluence page found with the given URL.
-
Page Failed to load
-
Page
Failed to load
- relates to
-
- Done
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[JSWSERVER-14908] Disabling user impersonation sometimes causes Stash applinks to fail
Pierre-Yves Aquilanti
added a comment - This problem prevented our users to view issues in the pull requests pages, the workaround worked.
Pierre-Yves Aquilanti
added a comment - This problem prevented our users to view issues in the pull requests pages, the workaround worked.
This is actually caused by a mismatch in configuration between the ends of the application link, which has been made possible by a bug in applinks, where the flags for OAuth are not updated on the other end of the link. I've raised a bug in the Applinks project https://ecosystem.atlassian.net/browse/APL-1225 for this.
Specifically this case is caused by having impersonation disabled in the incoming authentication, while having impersonation enabled in the outgoing authentication of the other end of the link. To reproduce the two above logs, I created the following situations:
If using a version of the AppLinks plugin below 4.0.15, 4.1.4 or 4.2.2, then it may be impossible to edit the configuration to fix this on at least one end of the link, due to https://ecosystem.atlassian.net/browse/APL-1151. In that case you just need to delete and recreate the link, using the correct settings at the time the link is created.