2FA for Jira: U2F & TOTP

Anton Storozhuk January 15, 2019

You may discuss "2FA for Jira: U2F & TOTP" app here.

7 comments

Comment

Log in or Sign up to comment
Brian Tullio May 30, 2019

Will this plug-in work if we are using Crowd as a user directory?

Anton Storozhuk May 31, 2019

Hi @Brian Tullio Yes, our app supports Crowd. 

Brian Tullio June 6, 2019

I see you have a plug-in for Confluence also but not Bitbucket.

Are there plans to accommodate Bitbucket?

Anton Storozhuk June 6, 2019

@Brian Tullio Bitbucket natively support U2F devices (https://bitbucket.org/blog/universal-2nd-factor), so there's no need in additional plugin

Brian Tullio June 6, 2019

As far as I can tell, this only applies to Bitbucket cloud.

U2F for server has been a requested feature since 2015 but has received no love.

https://jira.atlassian.com/browse/BSERV-7815?focusedCommentId=999206&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel

Brian Tullio June 14, 2019

@Anton Storozhuk Any thought on my last post? I can see that other vendors offer Bitbucket plugins.

I like yours since it works very well, but would prefer to go with the same vendor cross our Jira/Confluence/Bitbucket installation.

Anton Storozhuk June 14, 2019

Hi @Brian Tullio We started to work on Bitbucket 2FA plugin. The functionality will be exactly the same as Jira & Confluence versions. I'll keep you posted. Thanks!

Brian Tullio June 18, 2019

@Anton Storozhuk Fantastic! I would like to work this into my IT schedule, any ETA? I would be happy to be a part of testing once you have something working, even if it is beta.

Anton Storozhuk June 18, 2019

@Brian Tullio ETA for beta is around 4-5 weeks. I've scheduled a contact with you already. Thanks for letting me know that you're ready to be a part of testing.

Anton Storozhuk July 25, 2019

Hi @Brian Tullio we've finished to work on Bitbucket 2FA app and submitted it to Atlassian Marketplace. I'll let you know when the app is reviewed and available to download.

Brian Tullio July 25, 2019

@Anton Storozhuk - that's great news, thanks!

Anton Storozhuk August 28, 2019

Hi @Brian Tullio our Bitbucket Server 2FA solution is finally arrived: https://marketplace.atlassian.com/apps/1220942/2fa-for-bitbucket-u2f-totp?hosting=server&tab=overview please try it our and share your feedback with me.

 

Thanks,

Anton.

Brian Tullio August 28, 2019

Hi @Anton Storozhuk 

I downloaded the add-on and everything installed fine.

However, when attempting to setup the 2FA for my own account, I get a 500 error.

I get the QR code screen, and scan it with the Google Authenticator. It does not ask me for the secret key, it just adds the account immediately.

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

 

I tried it a bunch of times, and made sure the code was correct.

Anton Storozhuk August 28, 2019

@Brian Tullio thanks for being so fast! Contacting you to get more details on this...

Anton Storozhuk September 16, 2019

Issue has been resolved.

franky064991 March 30, 2020

May I know how to fix this issue?

 

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

 

We're trying this addon and some user report the same issue.

 

Thanks

Liubov Topchyi
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 30, 2020

Hello @franky064991 ,

Since we use the Time-based One-Time Password algorithm (TOTP) there is an assumption that the time on the phone may be unsynchronised.
Could you please make sure that the time synchronized (accurate to the minute and second) with your Bitbucket instance and mentioned phone?


Please let us know if this helped.

Otherwise could you please send us the log files from your Bitbucket instance  to support@alpha-serve.com ?

 

Thank you.

Like Anton Storozhuk likes this
Liubov Topchyi
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 9, 2020

Hello @franky064991 ,

Are you still experiencing the same issue?

Please let me know. 

Regards,

Liubov

franky064991 April 9, 2020

Hi Liubov,

 

Problem solved, thx for the suggestion.

Like Anton Storozhuk likes this
Colin King September 24, 2019

When adding a U2F key, the plugin almost immediately opens a Chrome dialog to insert and tap the key before I have a chance to type a name for it. Then, the plugin complains that I have not given it a name and repeats the process. The only workaround I have found is to type a name in notepad, copy it, and then paste it into the form before the dialog appears. If I press cancel in the dialog, it reports an error and returns to the 2FA configuration page.

Anton Storozhuk September 24, 2019

Hey @Colin King

What device are you using?

Colin King September 24, 2019

Hi, I am using Chrome 76 in a Windows 10 desktop. I just installed the plugin and was trying it with the default settings.

Anton Storozhuk September 24, 2019

@Colin King thanks for the info. What type of U2F hardware key you were trying to add?

Colin King September 24, 2019

Yubikey 5 NFC and Yubikey Security Key. I was able to get them both working using the workaround.

Anton Storozhuk September 24, 2019

@Colin King Both HW keys are used in our regular regression testing. I'll pass this to our QA dept and come back to you when I know more. Can you please share your contact info with me? Please email me at a.storozhuk@alpha-serve.com. Thanks, Anton.

Anton Storozhuk February 4, 2020

@Colin King we've released app update v.3.1.5 which should fix the issue. Could you please update your instance and recheck? Thanks, Anton.

Beth Starr May 20, 2020

Is there a way to connect the app with a DUO account?

Liubov Topchyi
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 21, 2020

Hello @Beth Starr ,

Now you can use Duo Mobile app as a TOTP code generator for third-party accounts. 

We're considering adding support for connecting 2FA for Jira: U2F & TOTP plugin to a Duo account. We let you know the details as soon as they are available. 

Regards,

Liubov

Tamas Juhasz May 28, 2020

Hello,

Is it possible with your plugin to enable 2FA on the user level?
Also, what mobile 2FA apps are supported by it?

Regards,

Tamas Juhasz

Liubov Topchyi
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 28, 2020

Hello @Tamas Juhasz ,

Thank you for your question.

After the plugin was installed on your instance by admin (currently we have 2FA plugins for Jira, Confluence, Bitbucket, Crowd and Bamboo; Crucible and FishEye are coming soon) users can enable 2FA on the user level.

Plugins work with mobile applications based on the RFC 6238 standard that generate tokens, such as: Google Authenticator, Microsoft Authenticator, 2STP, OTP Auth, Authy and others.

Please let me know if you have any questions.

Regards,

Liubov

Florian Prabst July 29, 2020

Hello,

 

is there a roadmap for Safari support for U2F devices like Yubikey? Safari DOES support that now, but I still get a "your current browser doesn't support adding security keys" error from 2FA for Jira.

 

Thanks,

Florian

Lars Olav Velle _Polar SSO_ July 29, 2020

Have a look at https://marketplace.atlassian.com/vendors/1216264/polarnight

A brand new security add-on with a lot of features, including 2FA.

Florian Prabst July 29, 2020

Thanks @Lars Olav Velle _Polar SSO_, there we have the slight problem that Amazon as our potential SSO provider also still doesn't support U2F devices in Safari :)

Liubov Topchyi
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 29, 2020

Hello @Florian Prabst  ,

We're going to release an update in a week or two. I'll let you know about the release.

Regards,

Liubov

Florian Prabst July 29, 2020

Thanks @Liubov Topchyi! 👍

Like # people like this
Greg Lev June 29, 2022

I do understand U can ignore a question from Russia and I accept any type of your response (or any type of your behaviour on my question) with all the respect from my end.

But.

CROWD 5.0.0. 2 nodes cluster.
2FA for Crowd: U2F & TOTP 2.3.1 installed.

Plugin fails to enable with following:

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'com.atlassian.crowd.manager.directory.DirectoryManager' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}

at org.springframework.beans.factory.support.DefaultListableBeanFactory.raiseNoMatchingBeanFound(DefaultListableBeanFactory.java:1799)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1355)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1309)

at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:887)

at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791)

... 19 more

2022-06-30 02:05:09,454 http-nio-8095-exec-18 url: /crowd/rest/plugins/1.0/com.alphaserve.crowd-authplugin-key; user: ge.lev INFO [atlassian.plugin.manager.PluginEnabler] Plugin 'com.alphaserve.crowd-authplugin' is now DISABLED

2022-06-30 02:05:09,501 http-nio-8095-exec-18 url: /crowd/rest/plugins/1.0/com.alphaserve.crowd-authplugin-key; user: ge.lev INFO [upm.core.log.PluginSettingsAuditLogService] Thu Jun 30 02:05:09 MSK 2022 ge.lev: Failed to enable app 2FA for Crowd: U2F & TOTP (com.alphaserve.crowd-authplugin)
How to fix this?
Aditya_miniOrange July 5, 2022

Hi @Greg Lev 

It seems that you are looking to use 2FA for Crowd.

If yes then you can try our miniOrange Crowd 2FA Add-on on the Marketplace.

You can enable 2FA or MFA for individual users and let users configure 2FA during their first login. It also has the provision to enable 2FA for all existing and new users using Crowd 2FA.

Could you please let me know your use case in detail so that I can point you in the right direction?

You can reach out to me at support-atlassian@miniorange.atlassian.net to discuss this further.

Thanks,
Aditya Kekre

PS: I work for miniOrange, one of the top SSO vendors on Atlassian Marketplace.

Greg Lev July 5, 2022

Unfortunately, it does not support (officially) CROWD DataCenter.

Aditya_miniOrange July 5, 2022

Hi @Greg Lev 

We have submitted the add-on to the Atlassian team, to make it Datacenter compatible and currently it is under the approval process. Once it gets approved it will be reflected in your crowd instance and I will give you an update as well. 

In the meantime, you can continue to use the Server version of the add-on. It has been thoroughly tested on a Crowd DC instance with large datasets and it works fine.

If you have any further questions, please let me know. You can reach out to us at support-atlassian@miniorange.atlassian.net to discuss this further.

Thanks,
Aditya Kekre

Aditya_miniOrange October 7, 2022

Hi @Greg Lev 

As mentioned earlier we are happy to announce that the miniOrange Crowd 2FA Add-on is now Data Center compatible. 

You can enable 2FA or MFA for individual users and let users configure 2FA during their first login. It also has the provision to enable 2FA for all existing and new users using Crowd 2FA.

You can also contact us directly at atlassiansupport@xecurify.com to discuss this further.

Thanks,
Aditya Kekre

TAGS
AUG Leaders

Atlassian Community Events