Hi everyone,
I have set up Crowd for a centralized authentication service. Now I have the problem that I am not able to log in to my Bitbucket application from outside the proxy (extranet). If I log on from the local connector (without proxy settings set in bitbucket.properties), I am able to log in, so the user credentials and the authentication with Crowd are fine. But if I set the proxy settings in Bitbucket and try to log in from the extranet, the login request ends in an HTTP/404 response at the URL <http_host>/j_atl_security_check.
Figuring out the logs, I was just able to find these two outputs that seem to be similar to this issue.
<server-ip>:51345,0:0:0:0:0:0:0:1 | https | o@15ASSAKx736x18x1 | - | 2018-05-28 12:16:45,589 | "POST /rest/analytics/1.0/publish/bulk HTTP/1.1" | "https://<bitbucket-application>.<my-domain>.<tld>/login" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko" | 500 | 0 | 31479 | - | 21851 | - |
<server-ip>:51341,0:0:0:0:0:0:0:1 | https | o@15ASSAKx736x19x1 | - | 2018-05-28 12:16:46,823 | "POST /j_atl_security_check HTTP/1.1" | "https://<bitbucket-application>.<my-domain>.<tld>/login" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko" | 404 | 0 | 0 | - | 20140 | - |
Does someone have a hint for me on how to solve this issue? Might it be related to domain name resolution against Crowd?
Unfortunately, I have found no further or more specific log entries. :(
In addition, if I try to access Bitbucket on the server itself and log in, the login works, though the domain is redirected from the local address (localhost) to the proxy name address. But even if the login works, no content is displayed in Bitbucket: I can only view my logon and the "headline" of the Bitbucket website, like:
For proxy settings, I've used this guide: https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-microsoft-internet-information-services-iis-833931378.html
I've set Bitbucket's "server.xml" properties as explained in https://confluence.atlassian.com/bitbucketserver/migrate-server-xml-customizations-to-bitbucket-properties-897811761.html and https://confluence.atlassian.com/bitbucketserver/bitbucket-server-config-properties-776640155.html#BitbucketServerconfigproperties-Server; I am running Bitbucket version 5.10.1 and Crowd version 3.2.0.
The server and its environment: one Windows Server 2012 R2 runs the Bitbucket application as well as the Crowd application and the IIS (8.5) proxy, with ARR 3.5 installed.
Thanks in advance
Kevin
SOLVED
I have finally found the problem:
The problem was that, in the configuration of the reverse proxy, there was a whitespace character in the rewrite destination. After removing the whitespace character from the end of the destination of the rewrite target, I was able to log in to Bitbucket using my Crowd user credentials.
Thank you all for assisting.
Cheers
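The check below is an added example, not part of the original post: it scans an IIS URL Rewrite configuration for whitespace in rewrite destinations, the fault described in the solution above. The sample configuration, its rule names and the ports are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the original post): two URL Rewrite rules as
# they might appear in web.config; the first destination ends in a space.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Bitbucket reverse proxy" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:7990/{R:1} " />
        </rule>
        <rule name="Crowd reverse proxy" stopProcessing="true">
          <match url="^crowd/(.*)" />
          <action type="Rewrite" url="http://localhost:8095/crowd/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
"""


def check_rewrite_targets(web_config_xml):
    """Return (rule name, problem, repr(url)) for each rewrite destination
    that contains whitespace. repr() makes the stray character visible."""
    findings = []
    root = ET.fromstring(web_config_xml)
    # iter() walks <rules> and <globalRules> alike; rules whose <action>
    # has no url attribute (e.g. outbound rules) are skipped.
    for rule in root.iter("rule"):
        action = rule.find("action")
        url = action.get("url") if action is not None else None
        if url is None:
            continue
        if url != url.strip():
            problem = "leading/trailing whitespace"
        elif any(ch.isspace() for ch in url):
            problem = "embedded whitespace"
        else:
            continue
        findings.append((rule.get("name", "<unnamed>"), problem, repr(url)))
    return findings


if __name__ == "__main__":
    for name, problem, url in check_rewrite_targets(SAMPLE_WEB_CONFIG):
        print(f"{name}: {problem} in rewrite destination {url}")
```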
Hi @Kevin Kirchhof,
Regarding the Bitbucket x Crowd issue, can you please try adding '0.0.0.0/0' to the whitelist on the Remote Addresses on Crowd and try logging into Bitbucket Server once more? This should enable access from every address, and will help us determine if Bitbucket Server is able to connect and authenticate with your Crowd server.
Also, if you have a system admin user in the Bitbucket Server internal user directory, you can try logging into Bitbucket from extranet. If you don't have a local System Admin, you can recover access to your Bitbucket Server instance from extranet by following the steps listed in Lockout recovery process. Both should allow you to log into Bitbucket Server from extranet and verify if the Crowd directory is still reachable and if users can be synced.
If you still face issues, we'll have to take a closer look at either instance's configuration files and log files, and for that we'll create a support request on your behalf.
Please let us know if those suggestions mentioned above helped or not.
Cheers,
Felipe
Hi @Felipe Kraemer,
first of all I would like to thank you very much for your reply.
I have set the IP address to the list of trusted proxy servers, though I am not able to log in. I have tried to figure out the issue by IIS failed request tracing, but was not able to figure out any issues (just found error codes like 0 and ‘request completed successfully’; I set the filter for this log to HTTP error states 502.3 and logged the WWW-Server URL Rewrite).
If I try to log in with the administrative user in Bitbucket's internal directory, I am running into the problem that the username of this user equals the username of my account in Crowd. And I have set Crowd in the list of user directives at top. If I try to log on via the server itself, e.g. http://localhost:1 for Bitbucket and http://localhost:2/crowd for Crowd, I am able to log in with the user credentials set in Crowd, and if I review the sync status of users in Bitbucket, I can see synced users from Crowd. But if I try to log on from any other system, e.g. my personal computer, I am running into the issue that https://bitbucket.my-domain.tld/j_atl_security_check responds with either http/404 or http/503.2. The following screenshot shows the website (from my mobile device), after logging in from extranet.
Please let me know which of the configuration and log files I can provide for you. Opening a support request therefore is fine for me.
Thank you again very much in advance,
Kevin
Hi @Felipe Kraemer,
do you already have some updates related to my issue?
thanks in advance.
cheers,
kevin