its-jira SSO connection problems

254 views
Skip to first unread message

Cédric LE COZ

unread,
Nov 11, 2024, 9:41:25 AM11/11/24
to Repo and Gerrit Discussion
Hi all,
Our jira instance was migrated to SSO (Okta) authentication. Usernames are now emails, and MFA is enforced. 
At the moment I managed to get a non MFA credential for my gerrit instance however, Gerrit is not able to sign into Jira at init. 
email / password are valid, I can log-in via my web-browser. 
Last time I had a similar issue, I think it was because there was a symbol in the password.
In this one, there are also symbols (in email @, and in password (SSO enforced)) so I cannot get rid of those.

Jira has a PAT mechanism, using "Authorisation: Bearer  pat_token" in headers however looking at the plugin doc I don't think it can be used.

Anyone using emails and password with symbols to sign-in from gerrit to Jira ?




[2024-11-10T17:05:41.943Z] [main] ERROR com.googlesource.gerrit.plugins.its.jira.JiraItsStartupHealthcheck : its-jira plugin failed to start: unable to connect to Jira (https://jira.example.com/jira/)
java.io.IOException: Request failed: https://jira.example.com/jira/rest/api/2/serverInfo/ - 401 - null
at com.googlesource.gerrit.plugins.its.jira.restapi.JiraRestApi.validateResponse(JiraRestApi.java:169)
at com.googlesource.gerrit.plugins.its.jira.restapi.JiraRestApi.doGet(JiraRestApi.java:75)
at com.googlesource.gerrit.plugins.its.jira.restapi.JiraRestApi.doGet(JiraRestApi.java:85)
at com.googlesource.gerrit.plugins.its.jira.JiraClient.sysInfo(JiraClient.java:238)
at com.googlesource.gerrit.plugins.its.jira.JiraClient.healthCheckSysinfo(JiraClient.java:264)
at com.googlesource.gerrit.plugins.its.jira.JiraItsFacade.lambda$healthCheck$0(JiraItsFacade.java:49)
at com.googlesource.gerrit.plugins.its.jira.JiraItsFacade.execute(JiraItsFacade.java:130)
at com.googlesource.gerrit.plugins.its.jira.JiraItsFacade.healthCheck(JiraItsFacade.java:44)
at com.googlesource.gerrit.plugins.its.jira.JiraItsStartupHealthcheck.start(JiraItsStartupHealthcheck.java:47)
at com.google.gerrit.lifecycle.LifecycleManager.start(LifecycleManager.java:95)
at com.google.gerrit.server.plugins.ServerPlugin.startPlugin(ServerPlugin.java:254)
at com.google.gerrit.server.plugins.ServerPlugin.start(ServerPlugin.java:183)
at com.google.gerrit.server.plugins.PluginLoader.runPlugin(PluginLoader.java:513)
at com.google.gerrit.server.plugins.PluginLoader.rescan(PluginLoader.java:427)
at com.google.gerrit.server.plugins.PluginLoader.start(PluginLoader.java:332)
at com.google.gerrit.lifecycle.LifecycleManager.start(LifecycleManager.java:95)
at com.google.gerrit.pgm.Daemon.start(Daemon.java:398)
at com.google.gerrit.pgm.Daemon.run(Daemon.java:291)
at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:62)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:252)
at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:148)
at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:93)
at Main.main(Main.java:30)

Michelle Pogado

unread,
Dec 18, 2024, 2:42:47 AM12/18/24
to Repo and Gerrit Discussion
Using PAT and it is indeed not working :(

I’ve read from atlassian community that they have deprecated usage of username+password in their rest api communication.

Cédric LE COZ

unread,
Dec 19, 2024, 12:42:16 AM12/19/24
to Repo and Gerrit Discussion
On Wednesday 18 December 2024 at 08:42:47 UTC+1 Michelle Pogado wrote:
Using PAT and it is indeed not working :(

I’ve read from atlassian community that they have deprecated usage of username+password in their rest api communication.

Yes in my case to unblock quickly, I did a rebuild of the plugin having modified the Authorisation from Basic: auth    to «Bearer: PAT».  Using the pat itself directly instead of using auth which uses an encode of uname:pass).
File modified was [1].

Chunlin Zhang

unread,
Feb 18, 2025, 1:19:39 AMFeb 18
to Repo and Gerrit Discussion
I create a change for support PAT, I have verified locally it is OK:
Reply all
Reply to author
Forward
0 new messages