Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Two JIRA users constantly logged out and prompted for CAPTCHA.

Hi all.

We have a single server hosting Crowd, Stash, FishEye, Bamboo and JIRA anc Crowd is providing active directory authentication for the other four products.

Since changing my domain password, I've found that my JIRA failed login count has gone through the roof. The security log even shows failed logins for times that I've not been in the office. Typically, I'll go to use JIRA and it'll prompt me for a CAPTCHA login, and I'll have to go through the following process before I can get in:

  1. Login with my real credentials and provide CAPTCHA (fails).
  2. Login in with bogus credentials and provide CAPTCHA (fails).
  3. Login in my real credentials, no CAPTCHA required (fails).
  4. Login with my real credentials and provide CAPTCHA (works).

This happens quite frequently, and it's only happening to two of us in the office since we changed our network passwords, and I can't work out why. I even tried setting the CAPTCHA failed login maximum to unlimited, but it still requests it.

Looking at the log files, I also found that when it does decide to randomly fail a login, it doesn't increase the login fail count by one, but by eight, as evidenced by these consecutive log entries:

anonymous /browse/(issue) The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 13

anonymous /login.jsp The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 14

anonymous /login.jsp The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 15

anonymous /captcha The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 16

anonymous /rest/helptips/1.0/tips The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 17

anonymous /rest/menu/latest/appswitcher The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 18

anonymous /rest/nav-links-analytics-data/1.0/ The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 19

anonymous /rest/api/2/attachment/meta The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 20

This means that my failed login count can reach the thousands, which is crazy.

I tried uninstalling the Atlassian connector from Visual Studio, in the hopes that this was causing the failed logins, but it's still happening. I'm very close to adding a trigger to the right table so that as soon as the failed login count goes up by one, it's immediately set back to zero! But I imagine I'd still be logged out - it's just that I wouldn't be faced with a CAPTCHA request each time.

Any ideas?

1 answer

1 accepted

1 vote
Answer accepted

So it turns out I'm an idiot. I still had my RSS reader running in my system tray using my old credentials!

Still seems like something is off. It makes sense that your RSS reader triggering JIRA to require a CAPTCHA. It doesn't make sense (to me) that step #1 didn't work. If you login with your credentials and provide a CAPTCHA, shouldn't it let you in?

Yeah that's the weird part. Once it requires CAPTCHA, I have to log in with the wrong username first, otherwise it just won't accept my credentials. I can't think why that would be, though. I can only imagine it's a bug either in the application or the database.

and this happens exactly the same way to me... the login doesn't work unless I do a workaround (I found reloading the captcha also works), And I also had an rss reader configured with the wrong password :)

Im running firefox 32 (no, I cant upgrade) it doesn't look like I can even set RSS feeds in it (?) 

Yet (via looking at the logs) jira seems to continuously try to log me in, even when I am not at work, until I get presented with a captcha fail. 

I am always unable to remedy the captcha fail and have to have the admin reset the account.

Thoughts, guidance, opinions?

@Stacey Sproul  - Same happening for me too. Were you able to fix it?

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you