Jira Installation and first steps
Two-Factor Authentication with SecSign ID Plugin
Find out why our Two-Factor Authentication is the best, some key-facts for developers and why you should upgrade to SecSign for your business.
Learn more about the options of on-premise use and your own customized ID App in your corporate design.
Download the plugin as cloud version for a free and convenient protection.
JIRA is a web application for project management, bug tracking, respectively issue tracking and troubleshooting and was developed and published by the company Altassian.
JIRA is based on Java servlets and uses common databank systems (DBMS). As web application JIRA runs on server side and uses, for example, Apache Tomcat as Java servlet platform. In this case users access the system via the browser. JIRA is used most frequently for software development, respectively for the project management of it. Primarily, the system gets so-called tickets (issues). These tickets represent the significant information for the project management.
Effectively protect your company with SecSign ID Two-Factor Authentication for your app
Table of contents
SecSign ID is a plugin for real two-factor authentication (2FA) for Jira. 2FA adds another layer of security to your installation by using a second token. In this case the physical token is your smartphone.
If you seek for more information about about two-factor authentication have a look at the Jira Marketplace or our Github site.
Questions? Feel free to get in touch with us if you need help setting up your SecSign ID plugin or to request a plugin for a not yet supported environment.
1. Installation
For Altassian´s installation instructions for JIRA please see JIRA Installation and Upgrade Guide.
Requirements
- Java: On server side Java is required in a runtime environment which is up to date (java runtime environment: JRE) or in a valid Java development kit (JDK). 32-bit and 64-bit JRE-versions for Windows and Linux are supported. The run time environment which was adapted to MacOSX by Apple is not officially supported by JIRA.
- Application server: Apart from a web server, an application server is required in order to process the Java classes, respectively Java servlets. A familiar application server in this context is Apache Tomcat. JIRA is delivered with a build-in Apache Tomcat application server.
1.1 Installation of Jira on Linux (Mac OSX)
The description of the installation of JIRA uses Linux as example. Please see Installing JIRA on Windows for installation instructions concerning Windows systems and here for installation on Solaris.
1Java must be installed and the environment variable $JAVA_HOME must be set. Using the command ‚print_env‘, respectively ‘set‘ all environment variables for a user can be issued. Please use the following commands to define the environment variable $JAVA_HOME: find /usr/lib /usr/bin/ | grep -Ei “java” Please add the following lines in the file /etc/profile: export JAVA_HOME=/usr/lib/path-that-was-found-for-java export PATH=$JAVA_HOME/bin:$PATH Depending on the used shell the lines can also be entered into the user´s .bashrc under which JIRA is supposed to run later on.
2Unpacking of the archive: tar -xvzf atlassian-jira-6.4.4.tar.gz
3JIRA home must be defined. The JIRA instance must know in which directory it can be found so that JIRA can work properly. For this JIRA home is definite for each JIRA installation. In the file ‘jira-application.properties‘ the value ‚jira.home’ must be set. After unpacking the file can be found in the directory ‘./atlassian-jira/WEB-INF/classes/’ jira.home=/home/jira/ Please keep in mind that the value of the home directory must not be a parent directory of the servlet directory: Configured jira.home ‘…/jira’ must not be a parent directory of the webapp servlet path ‘…/jira/atlassian-jira‘ Besides, the environment variable $JIRA_HOME can also be defined for the separate users if plugins and add-ons are supposed to be developed later on using the JIRA installation.
export JIRA_HOME=/home/jira/
3.1For the unambiguousness of the JIRA home directory it is advisable to generate a user for each installation, e.g. the user „jira“
useradd jira
passwd jira
Under MacOSX:
dscl . -create /Users/jira UserShell /bin/bash
passwd jira
The home directory of the new user will be defined as JIRA home. Afterwards, please change to the user „jira“
sh-3.2# su – jira
Now JIRA has (as user „jira“) complete access rights for the directory JIRA home and (possibly) unlimited rights for the JIRA installation directory. The access rights are necessary so that JIRA can load all templates, plugins/modules, etc. See Troubleshooting.
jira:~ jira$ cat .bashrc
JAVA_HOME=/usr/bin/java
JIRA_HOME=/Users/jira
ATLAS_HOME=/usr/share/atlassian-plugin-sdk-5.0.13
export JAVA_HOME
export JIRA_HOME
export ATLAS_HOME
4After the installation of JIRA it can be started via the shell script ‘bin/start-jira.sh’ During this process JIRA will start all required components:
– Apache
– Apache Tomcat
– Apache Catalina (Servlet-Container by Tomcat)
– HSQLDB
For issue tracking you can find the log files, for example, in logs/catalina.out or for Apache Tomcat logs/catalina-YYYY-MM-DD.log, respectively for the web server under logs/access_log.YYYY-MM-DD
JIRA can also be started in the foreground instead of as demon. For this, JIRA is processed with the rights of the current user. The output is shown on the console and facilitates the troubleshooting. See [#troubleshooting]
./start-jira.sh -fg
Analogical to the start script a script is available for stopping JIRA, if it was not started in the foreground:
./stop-jira.sh
After the start the JIRA server runs on port 8080 (default setting), available in the browser under http://localhost:8080/
If port 8080 is already used by another application, e.g. a Node.js Webserver, settings for JIRA can be made in the file ‘conf/server.xml’ If JIRA starts without any error, JIRA can now be installed under http://localhost:8080/secure/SetupMode!default.jspa
2. Jira Implementation
The installation is carried out via the JIRA setup wizard. JIRA can be basically installed either automatically or manually. The following text describes the manual installation.
- Database: For test purposes the integrated database HSQLDB can be used. If you intend to use your own database, you will have to define database users as well as which DBMS will be available and on which server / under which port the database can be found, etc.
- Publicity: Do you want to allow public access to JIRA or should only administrators allow defined users to create, add and process?
- Selection of the options: Do you intend to use JIRA only for project monitoring or should it also be used for the installation of agile workflows for software development (JIRA Agile)? Should it be possible to use JIRA also as helpdesk (JIRA Service Desk)?
- Licensing
- Setting up the administrator
- Setting up email notifications + Avatar selection
Afterwards, JIRA will give you a short tour. JIRA is now installed and set up.
4. Troubleshooting
- Please keep in mind that the value of the home directory must not be parent directory of the servlet directory: Configured jira.home ‘…/jira’ must not be a parent directory of the webapp servlet path ‘…/jira/atlassian-jira‘
- JiraLockedError: If the following exception occurs during the invocation of http://localhost:8080/, the file permissions are incorrect. The user for whom JIRA is performed, must possess the permission to read, write and execute for all used directories .
"JIRA startup failed, JIRA has been locked." [https://answers.atlassian.com/questions/15301147/http-status-500---exception-occurred-while-rendering-template-templatesjiraappconsistencyjiralocked.vm.] 2015-05-20 15:28:38,773 http-bio-8080-exec-1 ERROR anonymous 928x1x1 - 0:0:0:0:0:0:0:1%0 /JiraLockedError [jira.template.velocity.VelocityEngineFactory$Default] Exception initialising Velocity: java.lang.RuntimeException: org.apache.velocity.util.ClassConstructionException: Cannot instantiate class for introspector.cache.classes java.lang.RuntimeException: org.apache.velocity.util.ClassConstructionException: Cannot instantiate class for introspector.cache.classes at com.atlassian.velocity.htmlsafe.introspection.AnnotationBoxingUberspect.init(AnnotationBoxingUberspect.java:59) at org.apache.velocity.runtime.RuntimeInstance.initializeIntrospection(RuntimeInstance.java:366) at org.apache.velocity.runtime.RuntimeInstance.init(RuntimeInstance.java:255) at org.apache.velocity.runtime.RuntimeInstance.init(RuntimeInstance.java:588) at org.apache.velocity.app.VelocityEngine.init(VelocityEngine.java:135) at com.atlassian.jira.template.velocity.VelocityEngineFactory$Default.initialise(VelocityEngineFactory.java:70) at com.atlassian.jira.template.velocity.VelocityEngineFactory$Default.access$000(VelocityEngineFactory.java:24) at com.atlassian.jira.template.velocity.VelocityEngineFactory$Default$1.create(VelocityEngineFactory.java:35) at com.atlassian.jira.template.velocity.VelocityEngineFactory$Default$1.create(VelocityEngineFactory.java:30) at com.atlassian.util.concurrent.LazyReference$Sync.run(LazyReference.java:325) at com.atlassian.util.concurrent.LazyReference.getInterruptibly(LazyReference.java:143) at com.atlassian.util.concurrent.LazyReference.get(LazyReference.java:112) at com.atlassian.jira.template.velocity.VelocityEngineFactory$Default.getEngine(VelocityEngineFactory.java:47) at com.atlassian.jira.startup.JiraStartupChecklistFilter.getVelocityEngine(JiraStartupChecklistFilter.java:117) at com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.atlassian.jira.web.filters.MultipartBoundaryCheckFilter.doFilter(MultipartBoundaryCheckFilter.java:41) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.atlassian.jira.web.filters.steps.ChainedFilterStepRunner.doFilter(ChainedFilterStepRunner.java:87) at com.atlassian.jira.web.filters.JiraFirstFilter.doFilter(JiraFirstFilter.java:61) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.atlassian.gzipfilter.GzipFilter.doFilterInternal(GzipFilter.java:115) at com.atlassian.gzipfilter.GzipFilter.doFilter(GzipFilter.java:92) at com.atlassian.jira.web.filters.gzip.JiraGzipFilter.doFilter(JiraGzipFilter.java:56) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:695) Caused by: org.apache.velocity.util.ClassConstructionException: Cannot instantiate class for introspector.cache.classes at org.apache.velocity.util.introspection.IntrospectorBase.(IntrospectorBase.java:81) at org.apache.velocity.util.introspection.Introspector.(Introspector.java:65) at org.apache.velocity.util.introspection.UberspectImpl.init(UberspectImpl.java:66) at com.atlassian.velocity.htmlsafe.introspection.AnnotationBoxingUberspect.init(AnnotationBoxingUberspect.java:55) ... 43 more Caused by: org.apache.velocity.util.ClassConstructionException: java.lang.reflect.InvocationTargetException at org.apache.velocity.util.ClassUtils.getNewInstance(ClassUtils.java:180) at org.apache.velocity.util.introspection.IntrospectorBase.(IntrospectorBase.java:77) ... 46 more Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.apache.velocity.util.ClassUtils.getNewInstance(ClassUtils.java:168) ... 47 more Caused by: java.lang.NullPointerException at com.atlassian.velocity.JiraIntrospectorCache.(JiraIntrospectorCache.java:32) ... 52 more
3. Available APIS
We provide an ever growing list of APIs and plugins to easily integrate the SecSign ID Two-Factor Authentication in any project. An overview is available at Plugin and APIs.
We do not only offer APIs in different programming languages but also plugins for CMS, Server and VPN environments, oAuth2 and many more. These plugins use our APIs and offer additional functionalities, for example user management, easy and native installation, logging or integration in firewalls or Active Directory.
The JIRA plugin for example uses the JAVA-API. The PHP-Api and JS-API is used by WordPress, Joomla, Drupal, Typo3 and many more. The ASP.net/C#-API is used for the Windows and Cisco VPN and the C-API is used for protecting Unix SSH services. The Objective-C API is used by our AppleTV and iPhone/iPad apps.
4. See for yourself
You can experience the SecSign ID two-factor authentication and the two-factor login by simply integrating the plugin into your website or test environment. Or you can try out the login process on our website without having to register first. You already have a SecSign ID or you want one? Login now and use the portal or use our hassle free registration.
See for yourself how fast and convenient the login process using challenge-response authentication with 2048-bit key pairs is. There is no need for passwords, and no passwords or other confidential information are ever transmitted. It is easy to integrate and simple to use.
For more information about the patented SafeKey procedure and it's unique security can be found here.
If you are missing an API for the programming language you are working with, feel free to contact us and we’ll find a solution with you. If you need help with the integration into an existing system or you can’t find the plugin for your content management system you are working with, don’t hesitate to contact our support team.
Your own ID-Server
On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.
Why upgrade to SecSign?
On-premise or in the cloud
Choose between our SecSign ID Cloud or operate your own on-premise Two-Factor Authentication server.
Easy customization
Operate your own YourBrand ID app - Two-Factor Authentication customized to your needs.
Ready-to-use SDK
Integrate SecSign ID Two-Factor Authentication in existing apps with our ready-to-use SDK.
Easy user management
Use the Two-Factor Authentication Server to secure your company Active Directory/LDAP. Your own Identity and Access Management System, for example for mandatory updates and additional security features.
Cover all logins
Integration in any login environment: web, local, VPN, remote desktop, mobile logins and many more.
Plugins for all your needs
No need for complex integration: we have plugins for almost all environments.
Contact Us
Sales
Want to learn more about SecSign’s innovative and highly secure
solutions for protecting your user accounts and sensitive data?
Use our contact form to submit your information, and a SecSign sales representative will contact you within one business day.
Product Support
If you need assistance with an existing SecSign account or product
installation, please see the FAQs for more information on the most common questions. You don’t find the solution to your problem? Don’t hesitate to contact the
Product Support
I am Interested in