We are using shared AD server for Jira Server and Confluence Server, and have Confluence integrated with Jira using Application Links, where Confluence authenticates users via the Jira user directory.
Recently, we replaced our proxy server with Azure Application Gateway. As a result:
The source IP seen by Jira for Confluence requests has changed.
Confluence’s hostname remains the same, but its apparent IP (as seen by Jira) is now different.
Since this change, Jira is returning 403 Forbidden responses when Confluence tries to authenticate via the user directory.
We disabled IP allowlisting, assuming no further IP-based restrictions were in place.
Problem : Even though IP allowlisting is off at the infrastructure level, Jira itself is rejecting the requests of confluence login.
Additional Finding
We noticed that:
We do not have the “Application Server Password” configured in Jira for Confluence.
This password is typically set under:
Jira Admin → User Management → User Directories
When setting up a "Remote Crowd or Jira Directory", Confluence provides an Application Name and Password that Jira must recognize and trust.
Without this password set in Jira:
Confluence's authentication requests will be rejected with a 403, even if the application link exists.
This is separate from OAuth or IP trust — it’s a dedicated trust mechanism for directory access.
Can someone help us to find what could possible cause for 403 error in confluence login request?
