Hi,
Today i've been testing with an addition of an AD directory in our existing Crowd to replace an LDAP directory.
Due to disabling the LDAP directory , a certain amount of users was unable to logon as they were removed from Jira
After enabling this again and synchronizing, all users were put back in place in Jira
However unable to logon with their credentials , while they could earlier.
In logs at the Jira side i find entries like:
2018-02-27 17:20:35,651 http-nio-8080-exec-640 anonymous 1040x3562356x1 rrcaim <ip client, ip server>,127.0.0.1 /login.jsp The user 'xxxxxxxx' has FAILED authentication. Failure count equals 3
2018-02-27 17:20:47,522 http-nio-8080-exec-639 anonymous 1040x3562366x1 - <ip client, ip server>,127.0.0.1 /rest/gadget/1.0/login login : 'xxxxxxxx' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
On the crowd side:
127.0.0.1 [27/Feb/2018:16:20:48 +0100] "POST /crowd/rest/usermanagement/1/authentication?username=xxxxxxxx HTTP/1.1" 400 160 1574 "-" "Apache-HttpClient/4.5.3 (Java/1.8.0_60)"
No changes were made in directory configuration or applications in Crowd.
Within both Jira and Crowd the users exist and can be found defined as they should be and member of right groups and application.
Anyone encountered this before?
Incognito browser , cache and cooking clearing are performed.
New syncs have taken place but not resolving this weird issue.
Crowd version 2.11.0
Jira version 7.5.1
Thanks in advance!
Regards
Roland
Sorry to hear that you have those kind of problems in your setup.
Did you try to do test user authentication in Crowd? As you were doing some changes in the directory setup, could you check if the group that is allowed to authenticate to application in Crowd is still defined or maybe you just have 'Allow all to authenticate'?
Additionally are there any other entries in Crowd log files that may indicate authentication problem?
Hope that helps,
Marcin Kempa
Hi @Marcin Kempa,
Test authentication from crowd works , from Jira through the User directory it doesn't.
The users/groups are allowed to authenticate to the application.
We did not find any other authentication issues except the 400 on the POST for authenticate so far.
I'm verifying currently if Crowd is the issue , by adding the LDAP to the Jira instance (bypassing Crowd) to see if the users can authenticate in that way.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.