1. Login in JIRA
2. Unable to Login into Jira Admin(System,User Management etc)
https://dev3-atlassian.sapient.com/jira/secure/admin/WebSudoAuthenticate.jspa
I am also unable to provide support zip file to you
Getting following below error
2014-12-12 14:38:55,665 http-bio-8081-exec-23 WARN amehr1 878x93x1 d0vl5e 10.202.99.247,10.207.11.132 /secure/admin/WebSudoAuthenticate.jspa[apache.commons.httpclient.HttpMethodBase] Going to buffer response body of large or unknown size. Using getResponseBodyAsStream instead is recommended.
We'll need more of the log - what you've posted is just a warning, not the error.
More importantly, what error do you get on screen?
Only following message is coming on the screen - "The password you entered is incorrect."
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ah, well, get the password right then. If you've lost it, then have a look at https://confluence.atlassian.com/display/JIRA/Retrieving+the+JIRA+Administrator
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
But the problem is that - I am able to login in Jira,but can't go to Admin Section
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Then you are not an administrator. Check your groups, and refer to the page I mentioned for how to get yourself back into the admin groups
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
All this religious discussion about security is fun and all, but I'm still trying to get the a REST call to create a user account to work.
Websudo as implemented to stop walk by issues seems pointless for a 10ms API call. So how *do* we get around WebSudo issues for REST calls?
BTW I'm looking at the rest docs, and there are plenty of admin features in there.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You also can try to disable the websudo in the jpm.xml, but the hint from Nic is better^^
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I say disable websudo. Its evil. https://confluence.atlassian.com/display/JIRA/Configuring+Secure+Administrator+Sessions
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Actually, it's more secure. Well intentioned. Mildly inconvenient. But I suspect the problem is that the password is wrong.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
To each ... Atlassian has a long way to go to get security right. The Captcha implementation breaks often and adds no value for in house installations. The websudo is another (oh isn't this cool.) feature that has negative effects like breaking REST API. I would argue that it doesn't add any real security. Adding support for masking database password would be a good basic security feature that should be implemented before these "gee wiz that cool" features.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mmm. - You can turn Captcha off. I generally do for internal systems, as you say, it's useless, especially when you move to external directories. Even if you leave it on, I'm afraid it's an obsolete security measure - there are at least two "expert systems" out there that are 95% effective against the more commonly used Captcha systems currently used, and you can buy Captcha breaking farm time really cheaply too. - Websudo is intended to stop walk by unlocked computer attacks. It's not an "oh isn't this cool", it's a level of security that a lot of large organisations mandate in their software, to the point where I've seen software under evaluation dropped from the list because it doesn't have it. Sure, turn it off if you're in a secure/trusted environment, but saying it's a useless feature is absolutely incorrect. - Websudo breaking REST doesn't matter - REST doesn't expose admin functions. And even if you do expose them, it doesn't "break" them, it just requires you to implement security better - Masked database passwords - I'd agree they're a good thing, but the structure of these applications is such that if someone is reading your installed password, you've got MUCH bigger problems because they have direct access to your servers...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry Nic, but your just simply wrong. You can not turn Captcha off in 6.3. It defaults to 3 tries. If you set the number of attempts to "blank" it resets it to 3. If you go into the database and set it to null, it resets it to 3 tries. REST does expose "admin" functions and Websudo is an issue, not better security. Masked DB password is a big deal if you work for a corporation that gets audited for PCI or any other security compliance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
<sigh> You can turn off Captcha, just not in the GUI config. The database changes are working fine for me on several 6.3 installs What admin functions do you think REST exposes? Websudo is a legal requirement in some places, and it is better security, so you're absolutely wrong on that Also wrong - remember to expose the password, the bad guy already has full access to your server. It's bolting the stable door after the horse has run, and died of old age...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.