Two JIRA users constantly logged out and prompted for CAPTCHA.

Hi all.

We have a single server hosting Crowd, Stash, FishEye, Bamboo and JIRA anc Crowd is providing active directory authentication for the other four products.

Since changing my domain password, I've found that my JIRA failed login count has gone through the roof. The security log even shows failed logins for times that I've not been in the office. Typically, I'll go to use JIRA and it'll prompt me for a CAPTCHA login, and I'll have to go through the following process before I can get in:

  1. Login with my real credentials and provide CAPTCHA (fails).
  2. Login in with bogus credentials and provide CAPTCHA (fails).
  3. Login in my real credentials, no CAPTCHA required (fails).
  4. Login with my real credentials and provide CAPTCHA (works).

This happens quite frequently, and it's only happening to two of us in the office since we changed our network passwords, and I can't work out why. I even tried setting the CAPTCHA failed login maximum to unlimited, but it still requests it.

Looking at the log files, I also found that when it does decide to randomly fail a login, it doesn't increase the login fail count by one, but by eight, as evidenced by these consecutive log entries:

anonymous /browse/(issue) The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 13

anonymous /login.jsp The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 14

anonymous /login.jsp The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 15

anonymous /captcha The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 16

anonymous /rest/helptips/1.0/tips The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 17

anonymous /rest/menu/latest/appswitcher The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 18

anonymous /rest/nav-links-analytics-data/1.0/ The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 19

anonymous /rest/api/2/attachment/meta The user '(Username)' is required to answer a CAPTCHA elevated security check.  Failure count equals 20

This means that my failed login count can reach the thousands, which is crazy.

I tried uninstalling the Atlassian connector from Visual Studio, in the hopes that this was causing the failed logins, but it's still happening. I'm very close to adding a trigger to the right table so that as soon as the failed login count goes up by one, it's immediately set back to zero! But I imagine I'd still be logged out - it's just that I wouldn't be faced with a CAPTCHA request each time.

Any ideas?

1 answer

1 accepted

This widget could not be displayed.

So it turns out I'm an idiot. I still had my RSS reader running in my system tray using my old credentials!

Still seems like something is off. It makes sense that your RSS reader triggering JIRA to require a CAPTCHA. It doesn't make sense (to me) that step #1 didn't work. If you login with your credentials and provide a CAPTCHA, shouldn't it let you in?

Yeah that's the weird part. Once it requires CAPTCHA, I have to log in with the wrong username first, otherwise it just won't accept my credentials. I can't think why that would be, though. I can only imagine it's a bug either in the application or the database.

and this happens exactly the same way to me... the login doesn't work unless I do a workaround (I found reloading the captcha also works), And I also had an rss reader configured with the wrong password :)

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

146 views 2 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you