Rocket.chat: Atlassian Crowd integration doesn't work after upgrading Atllasian Crowd from 3.7.1 to 4.0.0

Created on 7 Apr 2020  Â·  24Comments  Â·  Source: RocketChat/Rocket.Chat

Description:

Our Rocket.Chat server worked correctly with Atlassian Crowd 3.7.1.
However, after upgrading Crowd from 3.7.1 to 4.0.0, Crowd integration doesn't work.
Atlassian Crowd itself works correctly with other applications (Jira, Confluence and GitLab) after upgrading to 4.0.0.

Steps to reproduce:

  1. Upgrade Atlassian Crowd to 4.x.
  2. Open Rocket.Chat in browser and move to Administration => Atlassian Crowd.
  3. Click 'Test connection'. The result says 'Invalid connectiondetails'.

Expected behavior:

Crowd integration works with Atlassian Crowd 4.0.x.

Actual behavior:

Crowd integration doesn't work with Atlassian Crowd 4.0.x.

Server Setup Information:

  • Version of Rocket.Chat Server: 3.0.12
  • Operating System: Red Hat Enterprise Linux Server release 7.6 (Maipo)
  • Deployment Method: Manual (tar)
  • Number of Running Instances: 1
  • DB Replicaset Oplog: configured
  • NodeJS Version: 12.14.0
  • MongoDB Version: 3.6.3

Client Setup Information

  • Desktop App or Browser Version: any
  • Operating System: any

Additional context

Relevant logs:



Rocket.Chat log:
I20200407-15:10:36.568(9) server.js:204 CROWD âž” error Invalid crowd connection details, check the url and application username/password and make sure this server is allowed to speak to crowd

Atlassian Crowd log:
2020-04-07 16:02:02,255 http-nio-XXXX-exec-9 INFO [plugin.rest.filter.BasicApplicationAuthenticationFilter] Invalid authentication for application with name 'APP_USERNAME'

integration / plugin
Source
picture karl-in-office
👍5 😕1

Most helpful comment

@karl-in-office, @flover97, @gabriellsh (@gammpamm, @fbuchmeier, @almasch)
It may happens because Crowd 4.0.0 returns Content-Type header as application/json;charset=UTF-8, but atlassian-crowd (aka node-atlassian-crowd) in the method ping which call the method _doRequest expects header Content-Type only as application/json.

So, for temporary fix this issue manually, we just have to replace the condition from
if (response.headers['content-type'] !== "application/json")
to something like
if ( !(response.headers['content-type'].includes('application/json')) )
or
if ( !(/application\/json/.test(response.headers['content-type'])) )
or as you wish.

In my case, I've just edit
/opt/Rocket.Chat/programs/server/npm/node_modules/atlassian-crowd/lib/index.js
and restart rocketchat.service.

picture codemighty on 15 May 2020
👍4 🚀1

All 24 comments

Same problem on 3.0.12 and 3.1.0

flover97 picture flover97 on 14 Apr 2020

@karl-in-office, @flover97, @gabriellsh (@gammpamm, @fbuchmeier, @almasch)
It may happens because Crowd 4.0.0 returns Content-Type header as application/json;charset=UTF-8, but atlassian-crowd (aka node-atlassian-crowd) in the method ping which call the method _doRequest expects header Content-Type only as application/json.

So, for temporary fix this issue manually, we just have to replace the condition from
if (response.headers['content-type'] !== "application/json")
to something like
if ( !(response.headers['content-type'].includes('application/json')) )
or
if ( !(/application\/json/.test(response.headers['content-type'])) )
or as you wish.

In my case, I've just edit
/opt/Rocket.Chat/programs/server/npm/node_modules/atlassian-crowd/lib/index.js
and restart rocketchat.service.

codemighty picture codemighty on 15 May 2020
👍4 🚀1

@codemighty
Thank you for great tips!
I'll try suggested workaround in this week.

karl-in-office picture karl-in-office on 17 May 2020

The above workaround works with Rocket.Chat 3.1.1.
Many thanks @codemighty !

FYI, that doesn't work with Rocket.Chat 3.2.2.
'Test connection' returns 'Connection success', but Rocket.Chat do nothing with Atlassian Crowd. Rocket.Chat doesn't do crowd authentication and syncing name.

karl-in-office picture karl-in-office on 22 May 2020

Here is a log when crowd user tried to login. 

I20200522-20:56:34.096(9) CROWD âž” info Init CROWD login CROWD_VALID_USER 
I20200522-20:56:34.098(9) CROWD âž” info Extracting crowd_username 
I20200522-20:56:34.101(9) CROWD âž” debug Local user found, redirecting to fallback login 
I20200522-20:56:34.103(9) CROWD âž” debug User CROWD_VALID_USER is not a valid crowd user, falling back 
I20200522-20:56:34.106(9) CROWD âž” info Fallback to default account system { username: 'CROWD_VALID_USER' }
karl-in-office picture karl-in-office on 22 May 2020

The above workaround works with Rocket.Chat 3.1.1.
Many thanks @codemighty !

You're welcome!

FYI, that doesn't work with Rocket.Chat 3.2.2.

I'm using that workaround with Rocket.Chat 3.2.2 + Crowd 4.0.0 right now, and it works as it should; all directory's users that mapped to rocket-chat-app in Crowd are able to log in with no problem. I guess, the problem in your Crowd configuration or you didn't sync users' data between Rocket.Chat and Crowd. It's complicated to locate a cause without more information about your configuration.

codemighty picture codemighty on 26 May 2020

Really?
I'll take a look again in next week.

karl-in-office picture karl-in-office on 27 May 2020

debug User CROWD_VALID_USER is not a valid crowd user, falling back

I found the root cause of the above. It is an another issue.
As far as I can remember, users who were pre-registered on Rocket.Chat could login via Crowd also.
However, it seems that such users cannot login via Crowd in recent versions.

The workaround is:

  1. Ask new users to login Rocket.Chat with Crowd username/password for creating Crowd integrated accounts on Rocket.Chat.
  2. Once confirmed that all users are registered, change channel configurations (adding them, changing roles and etc.)
karl-in-office picture karl-in-office on 8 Jun 2020

Hi, I'm a staff member under @karl-in-office .
I've tried your code with Rocket.chat 3.3.0 and it works successfully.
Thank you @codemighty :)

atshim picture atshim on 9 Jun 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

github-actions[bot] picture github-actions[bot] on 8 Aug 2020

Aren't there any plan to fix this issue?
It's very frustrating that we need to patch this for every Rocket.Chat update... :-(

karl-in-office picture karl-in-office on 8 Aug 2020

I can confirm the connection works properly with Crowd 2, but not with Crowd 4.

The following versions we tried:
Rocket Chat: 3.6.2
Crowd: 4.1.1

When pressing "Test connection" in admin panel the following Toastr appears:
[Invalid connection details]

When checking Rocket Chat log:
sudo service snap.rocketchat-server.rocketchat-server status
server.js:204 CROWD âž” error Invalid crowd connection details, check the url and application username/password and make sure this server is allowed to speak to crowd

Since we use Snaps to maintain updates it is hard to manually patch the source code.

Can someone assign this issue to a Rocket Chat developer so a patch can be applied to resolve this issue?

bvbmedia picture bvbmedia on 23 Sep 2020

FYI, @codemighty 's patch is still effective for Crowd 4.1.1.

karl-in-office picture karl-in-office on 23 Sep 2020

Thanks @karl-in-office, since we use Snap the filesystem is mounted in read-only mode. So not easy to apply the patch. I read some articles but did not help me further.

Do you have any tips about how to apply a patch inside a Snap?

bvbmedia picture bvbmedia on 23 Sep 2020

Tonight I have spent some time on R&D and succeeded with applying the patch inside the Snap image.

Thanks @codemighty & @karl-in-office ! The patch is working good!

If other developers need to know how to apply a patch on their RocketChat Snap then they can read it on my blog:

https://www.basvanbeek.nl/linux/how-to-adjust-files-and-folders-inside-the-snap-file-system/

bvbmedia picture bvbmedia on 24 Sep 2020
👍3

Is it fixed in any currently available releases?

piotrkochan picture piotrkochan on 25 Sep 2020
👍1

I don't think so, because the NPM module "node-atlassian-crowd" is not yet patched:

image

https://github.com/dsn/node-atlassian-crowd/blob/master/lib/index.js

bvbmedia picture bvbmedia on 25 Sep 2020

I forked node-atlassian package with patch from @codemighty and it is available there:
https://www.npmjs.com/package/atlassian-crowd-patched

piotrkochan picture piotrkochan on 25 Sep 2020

I forked node-atlassian package with patch from @codemighty and it is available there:
https://www.npmjs.com/package/atlassian-crowd-patched

@piotrkochan
I think that it would be better if npm information (Homepage and Repository) point to https://github.com/piotrkochan/node-atlassian-crowd

If possible, could you do PR on this repo to change package.json?
https://github.com/RocketChat/Rocket.Chat/blob/af4a21a53ddbf88045db2009384851a074183c0a/package.json#L153
Because it's difficult for me to make changes and do PR due to our company regulation :-(

karl-in-office picture karl-in-office on 25 Sep 2020

Many thanks, @piotrkochan !

karl-in-office picture karl-in-office on 25 Sep 2020

@geekgonecrazy @rodrigok please contact me, I'll give You write permission to this repository

piotrkochan picture piotrkochan on 5 Oct 2020

In which version we have this fixed? or it's still not fixed? (if not any estimates when it could be fixed?)

wysockip picture wysockip on 9 Dec 2020

As you can see #19025, it's still not fixed.
Hence we have to patch up manually so far.
Please see also: https://github.com/RocketChat/Rocket.Chat/issues/17196#issuecomment-629498270

karl-in-office picture karl-in-office on 10 Dec 2020

Thanks for info. I've tried it - (#17196 (comment)) - but it's not working for me . Btw i'm running RC on Docker + Crowd 4.2.2

wysockip picture wysockip on 15 Dec 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

marceloschmidt picture marceloschmidt  Â·  3Comments
antn89 picture antn89  Â·  3Comments
ghost picture ghost  Â·  3Comments
danpospisil picture danpospisil  Â·  3Comments
Kiran-Rao picture Kiran-Rao  Â·  3Comments