[OCFD-SRV045] signature_invalid

Applies to

• OSLC Connect for Jira 2.7+

• OSLC Connect for Confluence 1.1+

Problem

OSLC Connect for Jira is rejecting the OAuth consumer key.

With the corresponding error when trying to create a project association:

Cause

This error tells us that the OAuth dance cannot be completed for the signature base string, aka the string that is computed by both the OAuth client (the OSLC Connect application) and the OAuth server (the remote OSLC application) to sign on the communication, is different. This can be caused by any difference in one of the components of this base signature string.

Resolution

To determine which component is faulty, you would ideally need to retrieve both the server and client’s base signature string, then compare them. That is unfortunately not possible in with the library we are using to date.

• retrieve the client (the OSLC Connect application) base signature string

  • enable the logs for the org.apache.http package, as described in the appropriate Debugging errors using logs

  • reproduce the problem

  • retrieve the logs

  • identify the URL that triggers the signature_invalid error inside the logs

• retrieve the server (the remote OSLC application) base signature string

  • this is present in the detailed error message displayed by OSLC Connect

  • when you see the error, click Show details and identify the base_signature_string

• carefully review the different parameters of the base signature string

  • we have mostly seen errors in the URL parameter, with missing HTTPS, possible invalid URL

Once you have identified the component causing the difference, you can usually solve the issue. Typical underlying issues are:

• invalid based URL declared in the configuration

• problem with the reverse proxy’s forwarding configuration