Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,366,104
Community Members
 
Community Events
168
Community Groups

2FA for Jira: U2F & TOTP

Edited

You may discuss "2FA for Jira: U2F & TOTP" app here.

7 comments

Will this plug-in work if we are using Crowd as a user directory?

Hi @Brian Tullio Yes, our app supports Crowd. 

I see you have a plug-in for Confluence also but not Bitbucket.

Are there plans to accommodate Bitbucket?

@Brian Tullio Bitbucket natively support U2F devices (https://bitbucket.org/blog/universal-2nd-factor), so there's no need in additional plugin

As far as I can tell, this only applies to Bitbucket cloud.

U2F for server has been a requested feature since 2015 but has received no love.

https://jira.atlassian.com/browse/BSERV-7815?focusedCommentId=999206&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel

@Anton Storozhuk Any thought on my last post? I can see that other vendors offer Bitbucket plugins.

I like yours since it works very well, but would prefer to go with the same vendor cross our Jira/Confluence/Bitbucket installation.

Hi @Brian Tullio We started to work on Bitbucket 2FA plugin. The functionality will be exactly the same as Jira & Confluence versions. I'll keep you posted. Thanks!

@Anton Storozhuk Fantastic! I would like to work this into my IT schedule, any ETA? I would be happy to be a part of testing once you have something working, even if it is beta.

@Brian Tullio ETA for beta is around 4-5 weeks. I've scheduled a contact with you already. Thanks for letting me know that you're ready to be a part of testing.

Hi @Brian Tullio we've finished to work on Bitbucket 2FA app and submitted it to Atlassian Marketplace. I'll let you know when the app is reviewed and available to download.

@Anton Storozhuk - that's great news, thanks!

Hi @Brian Tullio our Bitbucket Server 2FA solution is finally arrived: https://marketplace.atlassian.com/apps/1220942/2fa-for-bitbucket-u2f-totp?hosting=server&tab=overview please try it our and share your feedback with me.

 

Thanks,

Anton.

Hi @Anton Storozhuk 

I downloaded the add-on and everything installed fine.

However, when attempting to setup the 2FA for my own account, I get a 500 error.

I get the QR code screen, and scan it with the Google Authenticator. It does not ask me for the secret key, it just adds the account immediately.

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

 

I tried it a bunch of times, and made sure the code was correct.

@Brian Tullio thanks for being so fast! Contacting you to get more details on this...

Issue has been resolved.

May I know how to fix this issue?

 

Then, Google Authenticator gives me a 6 digit code. But, when I put that code into the 2FA screen on Bitbucket, it gives me the 500 error. It looks like it's trying to access this page - plugins/servlet/authplugin/tfaconfiguration?wrongcode=true

 

We're trying this addon and some user report the same issue.

 

Thanks

Hello @franky064991 ,

Since we use the Time-based One-Time Password algorithm (TOTP) there is an assumption that the time on the phone may be unsynchronised.
Could you please make sure that the time synchronized (accurate to the minute and second) with your Bitbucket instance and mentioned phone?


Please let us know if this helped.

Otherwise could you please send us the log files from your Bitbucket instance  to support@alpha-serve.com ?

 

Thank you.

Like Anton Storozhuk likes this

Hello @franky064991 ,

Are you still experiencing the same issue?

Please let me know. 

Regards,

Liubov

Hi Liubov,

 

Problem solved, thx for the suggestion.

Like Anton Storozhuk likes this

When adding a U2F key, the plugin almost immediately opens a Chrome dialog to insert and tap the key before I have a chance to type a name for it. Then, the plugin complains that I have not given it a name and repeats the process. The only workaround I have found is to type a name in notepad, copy it, and then paste it into the form before the dialog appears. If I press cancel in the dialog, it reports an error and returns to the 2FA configuration page.

Hey @Colin King

What device are you using?

Hi, I am using Chrome 76 in a Windows 10 desktop. I just installed the plugin and was trying it with the default settings.

@Colin King thanks for the info. What type of U2F hardware key you were trying to add?

Yubikey 5 NFC and Yubikey Security Key. I was able to get them both working using the workaround.

@Colin King Both HW keys are used in our regular regression testing. I'll pass this to our QA dept and come back to you when I know more. Can you please share your contact info with me? Please email me at a.storozhuk@alpha-serve.com. Thanks, Anton.

@Colin King we've released app update v.3.1.5 which should fix the issue. Could you please update your instance and recheck? Thanks, Anton.

Is there a way to connect the app with a DUO account?

Hello @Beth Starr ,

Now you can use Duo Mobile app as a TOTP code generator for third-party accounts. 

We're considering adding support for connecting 2FA for Jira: U2F & TOTP plugin to a Duo account. We let you know the details as soon as they are available. 

Regards,

Liubov

Hello,

Is it possible with your plugin to enable 2FA on the user level?
Also, what mobile 2FA apps are supported by it?

Regards,

Tamas Juhasz

Hello @Tamas Juhasz ,

Thank you for your question.

After the plugin was installed on your instance by admin (currently we have 2FA plugins for Jira, Confluence, Bitbucket, Crowd and Bamboo; Crucible and FishEye are coming soon) users can enable 2FA on the user level.

Plugins work with mobile applications based on the RFC 6238 standard that generate tokens, such as: Google Authenticator, Microsoft Authenticator, 2STP, OTP Auth, Authy and others.

Please let me know if you have any questions.

Regards,

Liubov

Hello,

 

is there a roadmap for Safari support for U2F devices like Yubikey? Safari DOES support that now, but I still get a "your current browser doesn't support adding security keys" error from 2FA for Jira.

 

Thanks,

Florian

Have a look at https://marketplace.atlassian.com/vendors/1216264/polarnight

A brand new security add-on with a lot of features, including 2FA.

Thanks @Lars Olav Velle _Polar SSO_, there we have the slight problem that Amazon as our potential SSO provider also still doesn't support U2F devices in Safari :)

Hello @Florian Prabst  ,

We're going to release an update in a week or two. I'll let you know about the release.

Regards,

Liubov

Like # people like this

I do understand U can ignore a question from Russia and I accept any type of your response (or any type of your behaviour on my question) with all the respect from my end.

But.

CROWD 5.0.0. 2 nodes cluster.
2FA for Crowd: U2F & TOTP 2.3.1 installed.

Plugin fails to enable with following:

Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'com.atlassian.crowd.manager.directory.DirectoryManager' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}

at org.springframework.beans.factory.support.DefaultListableBeanFactory.raiseNoMatchingBeanFound(DefaultListableBeanFactory.java:1799)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1355)

at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1309)

at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:887)

at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791)

... 19 more

2022-06-30 02:05:09,454 http-nio-8095-exec-18 url: /crowd/rest/plugins/1.0/com.alphaserve.crowd-authplugin-key; user: ge.lev INFO [atlassian.plugin.manager.PluginEnabler] Plugin 'com.alphaserve.crowd-authplugin' is now DISABLED

2022-06-30 02:05:09,501 http-nio-8095-exec-18 url: /crowd/rest/plugins/1.0/com.alphaserve.crowd-authplugin-key; user: ge.lev INFO [upm.core.log.PluginSettingsAuditLogService] Thu Jun 30 02:05:09 MSK 2022 ge.lev: Failed to enable app 2FA for Crowd: U2F & TOTP (com.alphaserve.crowd-authplugin)
How to fix this?

Hi @Greg Lev 

It seems that you are looking to use 2FA for Crowd.

If yes then you can try our miniOrange Crowd 2FA Add-on on the Marketplace.

You can enable 2FA or MFA for individual users and let users configure 2FA during their first login. It also has the provision to enable 2FA for all existing and new users using Crowd 2FA.

Could you please let me know your use case in detail so that I can point you in the right direction?

You can reach out to me at support-atlassian@miniorange.atlassian.net to discuss this further.

Thanks,
Aditya Kekre

PS: I work for miniOrange, one of the top SSO vendors on Atlassian Marketplace.

Unfortunately, it does not support (officially) CROWD DataCenter.

Hi @Greg Lev 

We have submitted the add-on to the Atlassian team, to make it Datacenter compatible and currently it is under the approval process. Once it gets approved it will be reflected in your crowd instance and I will give you an update as well. 

In the meantime, you can continue to use the Server version of the add-on. It has been thoroughly tested on a Crowd DC instance with large datasets and it works fine.

If you have any further questions, please let me know. You can reach out to us at support-atlassian@miniorange.atlassian.net to discuss this further.

Thanks,
Aditya Kekre

Comment

Log in or Sign up to comment