Hi, I am trying to determine whether Basic Auth is enabled or not for my JIRA instance. As per other suggestion I tried below curl command
curl -v https://<JIRA-URL>?os_authType=basic
and got below headers in response.
WWW-Authenticate :Basic realm="protected-area"
WWW-Authenticate : OAuth realm="<JIRA-URL>"
I am bit confused with both Basic and OAuth being present in response.
I am getting 403 for all the REST calls being made with Basic auth even for GET
There are apps in the Marketplace that allow you to stop Basic Auth requests from taking place. We have included such a feature in the Kantega SSO Enterprise app.
https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1868002/Forced+SSO+and+MFA
Our next public release will support creation of API tokens, -allowing users to authenticate API requests without using and exposing user account passwords: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/28180485/API+Tokens. This feature can be used while any other basic auth requests are stopped.
Cheers,
Jon Espen
Kantega SSO
I don't believe that there is any way to disable Basic Auth. Both Basic and OAUTH are always available. Which one you use is up to you.
You should be getting a 401 error with this call since you are not passing in any authentication information. The "os_authType=basic" is a meaningless parameter.
The 403 error probably indicates that you have exceeded your failed logins and you need to enter a Captcha. If that is the case, you will need to reset your failed login count before you can do anything else.
The following curl statement works for my environment:
curl -u <username>:<password> -v https://jira.rightstar.com > /dev/null
This gives me the expected 200 return code.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.