Unable to do Admin Login in JIRA

1. Login in JIRA
2. Unable to Login into Jira Admin(System,User Management etc)
I am also unable to provide support zip file to you
Getting following below error

2014-12-12 14:38:55,665 http-bio-8081-exec-23 WARN amehr1 878x93x1 d0vl5e, /secure/admin/WebSudoAuthenticate.jspa[apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.

3 answers

1 vote

We'll need more of the log - what you've posted is just a warning, not the error.

More importantly, what error do you get on screen? 

Only following message is coming on the screen - "The password you entered is incorrect."

Ah, well, get the password right then. If you've lost it, then have a look at https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator

But the problem is that - I am able to login in Jira,but can't go to Admin Section

Then you are not an administrator. Check your groups, and refer to the page I mentioned for how to get yourself back into the admin groups

You also can try to disable the websudo in the jpm.xml, but the hint from Nic is better^^

Actually, it's more secure. Well intentioned. Mildly inconvenient. But I suspect the problem is that the password is wrong.

To each ... Atlassian has a long way to go to get security right. The Captcha implementation breaks often and adds no value for in house installations. The websudo is another (oh isn't this cool.) feature that has negative effects like breaking REST API. I would argue that it doesn't add any real security. Adding support for masking database password would be a good basic security feature that should be implemented before these "gee wiz that cool" features.

Mmm. - You can turn Captcha off. I generally do for internal systems, as you say, it's useless, especially when you move to external directories. Even if you leave it on, I'm afraid it's an obsolete security measure - there are at least two "expert systems" out there that are 95% effective against the more commonly used Captcha systems currently used, and you can buy Captcha breaking farm time really cheaply too. - Websudo is intended to stop walk by unlocked computer attacks. It's not an "oh isn't this cool", it's a level of security that a lot of large organisations mandate in their software, to the point where I've seen software under evaluation dropped from the list because it doesn't have it. Sure, turn it off if you're in a secure/trusted environment, but saying it's a useless feature is absolutely incorrect. - Websudo breaking REST doesn't matter - REST doesn't expose admin functions. And even if you do expose them, it doesn't "break" them, it just requires you to implement security better - Masked database passwords - I'd agree they're a good thing, but the structure of these applications is such that if someone is reading your installed password, you've got MUCH bigger problems because they have direct access to your servers...

Sorry Nic, but your just simply wrong. You can not turn Captcha off in 6.3. It defaults to 3 tries. If you set the number of attempts to "blank" it resets it to 3. If you go into the database and set it to null, it resets it to 3 tries. REST does expose "admin" functions and Websudo is an issue, not better security. Masked DB password is a big deal if you work for a corporation that gets audited for PCI or any other security compliance.

<sigh> You can turn off Captcha, just not in the GUI config. The database changes are working fine for me on several 6.3 installs What admin functions do you think REST exposes? Websudo is a legal requirement in some places, and it is better security, so you're absolutely wrong on that Also wrong - remember to expose the password, the bad guy already has full access to your server. It's bolting the stable door after the horse has run, and died of old age...

All this religious discussion about security is fun and all, but I'm still trying to get the a REST call to create a user account to work.

Websudo as implemented to stop walk by issues seems pointless for a 10ms API call. So how *do* we get around WebSudo issues for REST calls?

BTW I'm looking at the rest docs, and there are plenty of admin features in there.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,234 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you