JIRA CLI CLient commandline Not Authenticating Properly

Roberto Olivares April 18, 2018

Hi everyone,

I'm having a few problems getting this JIRA commandline to work:

C:\tools\atlassian-cli-7.8.0>jira.bat --debug --verbose --options basicAuthentication --server "https://jira01.COMPANY.com" --user FIRST.LAST@COMPANY.COM --password PASSWORD --action getServerInfo

It connects to the JIRA server, but gives this error:

org.swift.common.cli.CliClient$RemoteDisallowedException: User 'FIRST.LAST@COMPANY.COM' is not allowed to log in at this point in time perhaps due to CAPTCHA requirements or too many failed login requests.

 This error always occurs despite the fact:

  • JIRA Web > Profile > Username is what I'm using to log in.
  • JIRA Web > Profile > Groups is jira-software-users
  • The password provided to the commandline is indeed the one that works when I login via the web.
  • I have tried this both with and without --options basicAuthentication 
  • This occurs regardless of how many times I successfully log out / log in to the JIRA web UI.
  • Whenever I go to JIRA Web > Profile > Change Password, it says: "Too many incorrect login attempts: Please log out and log in again to access this function." This also occurs regardless of how many times I successfully log out / log in to the JIRA web UI.
  • A CAPTCHA is never shown on the JIRA Web UI's login.

NOTE: When we login to JIRA web ui, our company appears to defer to federated authentication via "https://login.microsoftonline.com" into which we provide the credentials we're providing the script, which then takes us into JIRA.

Questions:

  • How to get the commandline tool / jira server to accept the same credentials the jira web ui does?
  • Is this a permissions issue or something involving the password federation?
  • Suggestions for how to get this to work? 
  • How to get it to actually clear the "too many incorrect logins" issue?

Cheers & Thanks!
-Roberto

Full trace of command is:

URL requested: https://jira01.COMPANY.com/rest/org.swift.jira.cli/latest/validatelicense
Request type: GET
Content type: application/json
options: basicauthentication
URL requested: https://jira01.COMPANY.com/rest/auth/1/session
Request type: POST
Content type: application/json
Using basic authentication.
Request property X-Atlassian-Token, value: [no-check]
Request property Content-Language, value: [en-US]
Request property Content-Type, value: [application/json]
json: {}
Problem determination - response: 403: null
Problem determination - response url: https://jira01.COMPANY.com/rest/auth/1/session
Problem determination - request url: https://jira01.COMPANY.com/rest/auth/1/session
Problem determination - response data: <html>

<head>
<title>Forbidden (403)</title>

...

Remote error: User 'FIRST.LAST@COMPANY.COM' is not allowed to log in at this point in time perhaps due to CAPTCHA requirements or too many failed login requests. Go to the user interface and login to clear the problem.


org.swift.common.cli.CliClient$RemoteDisallowedException: User 'FIRST.LAST@COMPANY.com' is not allowed to log in at this point in time perhaps due to CAPTCHA requirements or too many failed login requests. Go to the user interface and login to clear the problem.
at org.swift.jira.cli.helpers.AuthenticationHelper.login(AuthenticationHelper.java:196)
at org.swift.jira.cli.helpers.AuthenticationHelper.login(AuthenticationHelper.java:157)
at org.swift.common.cli.helpers.DefaultAuthenticationHelper.handleCookies(DefaultAuthenticationHelper.java:124)
at org.swift.jira.cli.JiraClient.getAuthenticationHelper(JiraClient.java:185)
at org.swift.jira.cli.JiraClient.getAuthenticationHelper(JiraClient.java:107)
at org.swift.common.cli.helpers.DefaultRequestHelper.setConnectionProperties(DefaultRequestHelper.java:1043)
at org.swift.common.cli.helpers.DefaultRequestHelper.setConnectionProperties(DefaultRequestHelper.java:1030)
at org.swift.common.cli.helpers.DefaultRequestHelper.makeRequestWithUrlConnection(DefaultRequestHelper.java:724)
at org.swift.common.cli.helpers.DefaultRequestHelper.makeUrlRequest(DefaultRequestHelper.java:690)
at org.swift.common.cli.helpers.DefaultRequestHelper.makeRequest(DefaultRequestHelper.java:660)
at org.swift.common.cli.helpers.DefaultRequestHelper.makeStandardRequest(DefaultRequestHelper.java:648)
at org.swift.common.cli.helpers.AppfireRequestHelper.getServerInfo(AppfireRequestHelper.java:118)
at org.swift.jira.cli.JiraClient.getRemoteServerInfo(JiraClient.java:2493)
at org.swift.jira.cli.JiraClient.getServerInfo(JiraClient.java:2455)
at org.swift.jira.cli.JiraClient.handleRequest(JiraClient.java:840)
at org.swift.common.cli.DefaultRemoteClient.process(DefaultRemoteClient.java:729)
at org.swift.common.cli.CliClient.doWork(CliClient.java:674)
at org.swift.common.cli.CliClient.doWork(CliClient.java:631)
at org.swift.jira.cli.JiraClient.main(JiraClient.java:166)

1 answer

0 votes
Bob Swift {Appfire} April 19, 2018

Your custom authenticator is getting in the way here as evident by your comment about the change password UI running into the same type of CAPTCHA problem. Under the covers, we are trying to authenticate with Jira and Jira is returning the error due to the CAPTCHA problem. 

Roberto Olivares April 22, 2018

Hi Bob, thanks for your response.

Is there a way to have the CLI use the federation system wired into our Jira server to do the auth?

Or is there some way of adding a JIRA password to my account (separate from the federated password) so that the CLI can accept that?

Any suggestions on workarounds?

Thanks,
-Roberto

Bob Swift {Appfire} April 23, 2018

Sorry, I don't really know. The bottom line is you need a way for your authenticator to allow Jira REST APIs through or provide a url path that can be used to bypass the authenticator. 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events