Unable to do Admin Login in JIRA

Ankur Mehrotra December 11, 2014

1. Log in to JIRA
2. Unable to log in to Jira Admin (System, User Management, etc.)
https://dev3-atlassian.sapient.com/jira/secure/admin/WebSudoAuthenticate.jspa
I am also unable to provide the support zip file to you.
Getting the following error:

2014-12-12 14:38:55,665 http-bio-8081-exec-23 WARN amehr1 878x93x1 d0vl5e 10.202.99.247,10.207.11.132 /secure/admin/WebSudoAuthenticate.jspa[apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.

3 answers

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
December 12, 2014

We'll need more of the log - what you've posted is just a warning, not the error.

More importantly, what error do you get on screen? 

Ankur Mehrotra December 12, 2014

Only the following message is coming up on the screen - "The password you entered is incorrect."

Nic Brough -Adaptavist-
December 12, 2014

Ah, well, get the password right then. If you've lost it, then have a look at https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator

Ankur Mehrotra December 12, 2014

But the problem is that I am able to log in to Jira, but can't go to the Admin section.

Nic Brough -Adaptavist-
December 12, 2014

Then you are not an administrator. Check your groups, and refer to the page I mentioned for how to get yourself back into the admin groups.

0 votes
paulboomgaart January 1, 2016

All this religious discussion about security is fun and all, but I'm still trying to get a REST call to create a user account to work.

Websudo as implemented to stop walk by issues seems pointless for a 10ms API call. So how *do* we get around WebSudo issues for REST calls?

BTW I'm looking at the rest docs, and there are plenty of admin features in there.

0 votes
Andre Lehmann
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 12, 2014

You also can try to disable the websudo in the jpm.xml, but the hint from Nic is better^^

Nic Brough -Adaptavist-
December 12, 2014

Actually, it's more secure. Well intentioned. Mildly inconvenient. But I suspect the problem is that the password is wrong.

Paul Fink December 12, 2014

To each ... Atlassian has a long way to go to get security right. The Captcha implementation breaks often and adds no value for in-house installations. The websudo is another (oh isn't this cool.) feature that has negative effects like breaking the REST API. I would argue that it doesn't add any real security. Adding support for masking the database password would be a good basic security feature that should be implemented before these "gee whiz that's cool" features.

Nic Brough -Adaptavist-
December 12, 2014

Mmm.

- You can turn Captcha off. I generally do for internal systems, as you say, it's useless, especially when you move to external directories. Even if you leave it on, I'm afraid it's an obsolete security measure - there are at least two "expert systems" out there that are 95% effective against the more commonly used Captcha systems currently used, and you can buy Captcha breaking farm time really cheaply too.
- Websudo is intended to stop walk by unlocked computer attacks. It's not an "oh isn't this cool", it's a level of security that a lot of large organisations mandate in their software, to the point where I've seen software under evaluation dropped from the list because it doesn't have it. Sure, turn it off if you're in a secure/trusted environment, but saying it's a useless feature is absolutely incorrect.
- Websudo breaking REST doesn't matter - REST doesn't expose admin functions. And even if you do expose them, it doesn't "break" them, it just requires you to implement security better.
- Masked database passwords - I'd agree they're a good thing, but the structure of these applications is such that if someone is reading your installed password, you've got MUCH bigger problems because they have direct access to your servers...

Paul Fink December 12, 2014

Sorry Nic, but you're just simply wrong. You cannot turn Captcha off in 6.3. It defaults to 3 tries. If you set the number of attempts to "blank" it resets it to 3. If you go into the database and set it to null, it resets it to 3 tries. REST does expose "admin" functions and Websudo is an issue, not better security. Masked DB password is a big deal if you work for a corporation that gets audited for PCI or any other security compliance.

Nic Brough -Adaptavist-
December 12, 2014

<sigh>

You can turn off Captcha, just not in the GUI config. The database changes are working fine for me on several 6.3 installs.

What admin functions do you think REST exposes?

Websudo is a legal requirement in some places, and it is better security, so you're absolutely wrong on that.

Also wrong - remember to expose the password, the bad guy already has full access to your server. It's bolting the stable door after the horse has run, and died of old age...
