Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to stop Jira/Tomcat using authentication credentials from Apache?

Mark James3
Mark James August 21, 2013

I want to set up two layers of password protection on the public facing version of our Jira server. The normal Jira login, and an Apache login.

I've tried various different methods and nothing's worked. The issue seems to be that when I use apache login (virtual host, proxypass to ajp connector, with auth on the proxy element) jira tries to use those credentials which fails with this error in the atlassian-jira-security.log

2013-08-22 16:38:36,161 ajp-bio-8009-exec-4 anonymous 998x427x1 1k0mhp6 10.1.11.112 /secure/MyJiraHome.jspa login : 'mark.james' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.

If i add a user to apache auth with the same username and password as a jira account it works ok (but then there's only 1 level of login.)

i've tried setting tomcatAuthentication="true" on the connector but it made no diff (true is the default value anyway.)

any suggestions/help much appreciated,

mark

Answer
Watch
Like Be the first to like this
1097 views

4 answers

0 votes
Valentijn Scholten
Valentijn Scholten
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 5, 2014

Shouldn't you put the Auth config outside of the Proxy tag?

Don't if that helps, but maybe it prevents Apache from sending the username/password to jira.

Reply
0 votes
Gerrit Griebel
Gerrit Griebel March 4, 2014

I added basic auth to Apache. As long as I had a valid cookie everything was fine, I entered the basic credentials could access Jira. But after logging off from Jira, I got the same problem and was never able to login again.

Reply
0 votes
CelsoA
CelsoA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 5, 2013

Hi Mark,

Could you please add your virtual host here?

This way I can try to reproduce the scenario and help you.

Regards,

Celso Yoshioka

Atlassian Support

View More Comments
Mark James3
Mark James September 5, 2013 
<VirtualHost *:443>

    ServerName  jira....
    ServerAdmin mark.james@...

    SSLEngine on
    SSLCipherSuite ALL:!LOW:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SSLv2:+EXP

    SSLCertificateFile         /etc/ssl/jira...crt
    SSLCertificateKeyFile   /etc/ssl/jira...key

    ProxyPass               /    ajp://localhost:8009/
    ProxyPassReverse   /    ajp://localhost:8009/

    <Proxy *>
        AuthType Basic
        AuthName "Jira"
        AuthUserFile /etc/apache2/passwd/users        
        Require valid-user
    </Proxy>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Like
Reply
0 votes
CelsoA
CelsoA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 29, 2013

Hi there,

How is configured your apache vhost?

My shoot was going to add these on apache virtual host:

<Proxy *>

Order deny,allow

Allow from all

AuthType Basic

AuthName "Password Required"

AuthUserFile password.file

AuthGroupFile group.file

Require group usergroup

</Proxy>

Which environment are you using? because this lines above will need a .htpasswd file to be created, but depending on the environment the creating of this file will be different.

Please five it a try and let me know how it goes.

View More Comments
Mark James3
Mark James September 4, 2013

Hi Celso, Thanks for the help, my vhost is configured as above (I've tried various different approaches) and that works fine, apache handles the auth and if i proxy to a test site all is fine, the problem is when i proxy to tomcat it must be using the http header credentials that apache handled. even with the directive tomcatAuthentication="true" which should tell tomcat to do it's own auth, not use apache's. My suspicion is that Jira is bypassing that directive and using the same headers as apache, so as they already exist it's failing because the uid/pw are wrong.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.