Check if http basic authentication is enabled

LJLowry April 23, 2013

I need to verify if http basic authentication is enabled on a particular jira instance. If I run createmeta calls against the REST api I get 401 unauthorized errors, which leads me to believe that http basic is disabled since these same curl calls work against another jira instanse I have access to and I can log in using a browser.

What's the easiest way to confirm in the jira configuration that http basic authentication has been disabled?

1 answer

1 accepted

1 vote
Answer accepted
Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 23, 2013

Run curl -v http://jira-urll?os_authType=basic to see the request and response headers when accessing JIRA.

If you see this response header:

WWW-Authenticate: Basic realm="protected-area"

Then you know HTTP Basic authentication is enabled.


As far as I know, there is no way to turn off HTTP Basic authentication in JIRA. You would only be able to achieve this by installing a custom Seraph authenticator in Confluence (eg. to enable single sign-on in your JIRA instance, for example).

LJLowry April 23, 2013

Thank you! This is perfect. I believe this case is one of the Seraph authenticator having been installed, this gives me a much better understanding of what's going on.

Joe Clark
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 30, 2013

Oops! Sorry, I've just realised there is a mistake in my answer. You need to run curl -v http://jira-url?os_authType=basic

The parameter on the end is important in order to make Seraph challenge you for basic authentication. Sorry for the confusion and sorry I didn't pick up on this earlier! Hope I didn't waste too much of your time.

Like Johannes Millan likes this
Tanuj Agrawal March 30, 2020

Hi, I am trying to determine whether Basic Auth is enabled or not for my JIRA instance. As per other suggestion I tried below curl command

curl -v https://<JIRA-URL>?os_authType=basic

and got below headers in response.

WWW-Authenticate :Basic realm="protected-area"

WWW-Authenticate : OAuth realm="<JIRA-URL>"

I am bit confused with both Basic and OAuth being present in response.

I am getting 403 for all the REST calls being made with Basic auth even for GET

Like teodustus likes this

Suggest an answer

Log in or Sign up to answer