I'm seeing periodic failures when connecting to Jira on premise, using Crowd for authentication, via the REST API. I am using preemptive basic authentication, and I'm also passing the session cookie in subsequent responses. Because the authentication failures are periodic (the same credentials will mostly pass but occasionally fail), I'm thinking that the preemptive basic authentication might be overloading the Crowd servers and causing them to occasionally return authentication failures.
If I pass both the Authorization header and the session cookie, will it cause Crowd to re-authenticate with every request, or will the cookie be used instead? Is preemptive basic authentication not recommended for high load applications where the Crowd servers might be overloaded?
The failures that I'm seeing in Jira access logs are:
login : '<username>' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
The user '<username>' has FAILED authentication. Failure count equals 1
The HTTP request I'm sending contains these headers:
Cookie: JSESSIONID=****; atlassian.xsrf.token=****; <crowd.token_key>=****
The HTTP response contains these headers:
Set-Cookie: <crowd.token_key>=****; Domain=****; Expires=****; Path=****; HttpOnly[\r][\n]
Set-Cookie: <crowd.token_key>=****; Domain=****; Path=****; HttpOnly[\r][\n]
A bug bounty program is one of the most powerful post-production tools that any organization can implement to help detect vulnerabilities in their applications and services. Crowdsourcing vulnerabili...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events