I'm at a loss on this one. I have ONE user who can't seem to log into JIRA (server 7.4.3). They were able to log in back in July, but can't now. I get the following in the log:
'vandala' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2017-09-05 16:38:42,143 http-nio-80-exec-500 anonymous 998x1090914x1 1ngbs20 10.70.57.20 /login.jsp The user 'vandala' has FAILED authentication. Failure count equals 33
I've checked their groups - all correct. I've removed them from all groups and re-added. Still the same error. They've changed their active directory password and tried again. Still not working.
And yes, I know it "feels" like they're typing the wrong password. But I've tried their password and can't get it. And the service desk has changed it and had them try the new one, and still not luck.
All other users are working as expected. I don't know what else to try. I have submitted a support ticket, but they're waiting for logs from when the user tries to log in - but the user is on vaca for now. Thought I'd try the community. :-) THANKS!
Got the same error after turning off com.atlassian.confluence.user.ConfluenceAuthenticator and turning on com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator
What should i check ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you tell us the basics of the setup of your user directories?
What directories do you have, and in what order? I suspect vandala may be duplicated and it's trying to log in as the wrong one...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The order is:
My user would be in the Columbus operations group.
Don't know if it matters, but he's off shore and would be using VPN to come in and logging into JIRA from that VPN client. Although we have other users who are coming in that way.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, great. Can you check if there is a duplicate in the internal directory? Same login id.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nope. The only ID I have in the internal directory is admin.
I did get a perplexing error early this AM when he tried to log in. Looks like my Cincinnati domain was having issues syncing and threw this error:
2017-09-25 05:04:27,143 http-nio-80-exec-758 ERROR anonymous 304x652104x1 14fhbvj 10.70.57.20 /login.jsp [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'LUK BIND AD' is not functional during authentication of 'vandala@netjets.com'. Skipped.
What confuses me is that vandala is in the Columbus domain, so why would it care if LUK (Cincinnati) was having issues?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Also, he's been able to log in before. That's what really confuses me. Something has changed. I just can't figure out what!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You're right, Columbus shouldn't care if another domain is failing. Does vandala only exist in Columbus?
Also, can you try getting the lines of logs above and below the line you gave in the question (only 5 either side at most)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yep, I checked and he only exists in Columbus. Here is a chunk between two of his login attempts. Sorry it's so huge:
2017-09-25 04:42:44,387 Caesium-1-3 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10200 ] in [ 23977ms ]
2017-09-25 04:42:49,348 Caesium-1-2 INFO ServiceRunner [c.a.c.d.ldap.cache.UsnChangedCacheRefresher] scanned and compared [ 0 ] groups for delete in DB cache in [ 0ms ]
2017-09-25 04:42:49,364 Caesium-1-2 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] removing [ 0 ] groups
2017-09-25 04:42:49,364 Caesium-1-2 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteChangeOperations] removed [ 0 ] groups successfully in [ 0ms ]
2017-09-25 04:42:49,364 Caesium-1-2 INFO ServiceRunner [c.a.crowd.directory.DbCachingRemoteDirectory] INCREMENTAL synchronisation complete for directory [ 10400 ] in [ 28564ms ]
2017-09-25 04:48:43,671 http-nio-80-exec-769 ERROR anonymous 288x652016x1 1gjzfaq 10.70.57.20 /login.jsp [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'LUK BIND AD' is not functional during authentication of 'vandala@netjets.com'. Skipped.
2017-09-25 04:48:43,780 http-nio-80-exec-769 ERROR anonymous 288x652016x1 1gjzfaq 10.70.57.20 /login.jsp [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'vandala@netjets.com'.
com.atlassian.crowd.exception.runtime.OperationFailedException
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:945)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:87)
at com.atlassian.jira.security.login.JiraSeraphAuthenticator.crowdServiceAuthenticate(JiraSeraphAuthenticator.java:75)
at com.atlassian.jira.security.login.JiraSeraphAuthenticator.authenticate(JiraSeraphAuthenticator.java:49)
at com.atlassian.seraph.auth.DefaultAuthenticator.login(DefaultAuthenticator.java:88)
... 33 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 23 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.ConfigurationException: java.naming.provider.url property does not contain a URL; nested exception is javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:111)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:337)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:334)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:146)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:109)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:334)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.searchWithLimitedResults(SpringLdapTemplateWrapper.java:376)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:503)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:464)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:685)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:634)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:620)
at com.atlassian.crowd.directory.SpringLDAPConnector.authenticate(SpringLDAPConnector.java:1119)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndUpdateInternalUser(DbCachingRemoteDirectory.java:272)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.performAuthenticationAndUpdateAttributes(DbCachingRemoteDirectory.java:208)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:186)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:311)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:198)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:75)
... 107 more
Caused by: javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:78)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)
... 130 more
2017-09-25 05:04:27,143 http-nio-80-exec-758 ERROR anonymous 304x652104x1 14fhbvj 10.70.57.20 /login.jsp [c.a.c.manager.application.ApplicationServiceGeneric] Directory 'LUK BIND AD' is not functional during authentication of 'vandala@netjets.com'. Skipped.
2017-09-25 05:04:27,642 http-nio-80-exec-758 ERROR anonymous 304x652104x1 14fhbvj 10.70.57.20 /login.jsp [c.a.j.security.login.JiraSeraphAuthenticator] Error occurred while trying to authenticate user 'vandala@netjets.com'.
com.atlassian.crowd.exception.runtime.OperationFailedException
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.convertOperationFailedException(CrowdServiceImpl.java:945)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:87)
at com.atlassian.jira.security.login.JiraSeraphAuthenticator.crowdServiceAuthenticate(JiraSeraphAuthenticator.java:75)
at com.atlassian.jira.security.login.JiraSeraphAuthenticator.authenticate(JiraSeraphAuthenticator.java:49)
at com.atlassian.seraph.auth.DefaultAuthenticator.login(DefaultAuthenticator.java:88)
... 33 filtered
at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
... 10 filtered
at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
... 4 filtered
at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
... 26 filtered
at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
... 23 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.ldap.ConfigurationException: java.naming.provider.url property does not contain a URL; nested exception is javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:111)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:356)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:140)
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:175)
at org.springframework.ldap.transaction.compensating.manager.TransactionAwareContextSourceProxy.getReadWriteContext(TransactionAwareContextSourceProxy.java:88)
at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:357)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:337)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$9.timedCall(SpringLdapTemplateWrapper.java:334)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper$TimedCallable.call(SpringLdapTemplateWrapper.java:146)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.invokeWithContextClassLoader(SpringLdapTemplateWrapper.java:109)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.search(SpringLdapTemplateWrapper.java:334)
at com.atlassian.crowd.directory.ldap.SpringLdapTemplateWrapper.searchWithLimitedResults(SpringLdapTemplateWrapper.java:376)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:503)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:464)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:685)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:634)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:620)
at com.atlassian.crowd.directory.SpringLDAPConnector.authenticate(SpringLDAPConnector.java:1119)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticateAndUpdateInternalUser(DbCachingRemoteDirectory.java:272)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.performAuthenticationAndUpdateAttributes(DbCachingRemoteDirectory.java:208)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.authenticate(DbCachingRemoteDirectory.java:186)
at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.authenticateUser(DirectoryManagerGeneric.java:311)
at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.authenticateUser(ApplicationServiceGeneric.java:198)
at com.atlassian.crowd.embedded.core.CrowdServiceImpl.authenticate(CrowdServiceImpl.java:75)
... 107 more
Caused by: javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:78)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
at javax.naming.InitialContext.init(InitialContext.java:244)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:344)
... 130 more
2017-09-25 05:09:43,776 Caesium-1-4 INFO ServiceRunner [c.a.j.p.h.service.ping.RefreshConnectionStatusJobHandler] Running RefreshConnectionStatusJobHandler...
2017-09-25 05:09:44,042 Caesium-1-2 INFO ServiceRunner [c.a.j.p.h.service.connect.InstallGlancesJobHandler] Running InstallGlancesJobHandler...
2017-09-25 05:09:44,042 Caesium-1-2 INFO ServiceRunner [c.a.j.p.h.service.connect.InstallGlancesJobHandler] There is no link to HipChat, no need to install glances.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Given the error of
Caused by: org.springframework.ldap.ConfigurationException: java.naming.provider.url property does not contain a URL; nested exception is javax.naming.ConfigurationException: java.naming.provider.url property does not contain a URL
That is a pretty clear indication that there is something wrong with the user directory that Jira is storing. The KB JIRA drops LDAP configuration - java.naming.provider.url property does not contain a URL better explains that error and steps you can follow to get around this. I believe it has you recreating a new user directory with the same settings as the potentially corrupted user directory. I recommend following the steps in that KB under the Diagnosis section first to make sure this applies to your instance.
If you follow those steps to fix this error, and you still have users that cannot login to Jira, then I would recommend following Unable to login to Jira Applications.
This KB has additional steps to follow where you can turn on additional logging to better understand why users are unable to login to Jira. But I would try to fix that 'java.naming.provider.url' exception first.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for that, Andrew. However, that error is in reference to the Domain that user is NOT in, so I believe that is a red herring. I don't disagree that I have an issue with that Domain, but my problem is with the ONE user that cannot log into JIRA who is in my Columbus Domain. These errors today RE the LUK Domain are confusing the issue.
It is my understanding that turning on the logs
com.atlassian.jira.login
& com.atlassian.jira.login.security
will flood my logs, no? I want to coordinate that with my user so that they can be turned on prior to him attempting a login and then turned off. I'll let you know what I find after that attempt.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would agree that you don't want to leave the DEBUG level logging on for those two packages long term. It would be best to set them up just before this user tries to login and then take a look at the atlassian-jira-security.log file in your JIRAHOME/log/ folder.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, turned com.atlassian.jira.login
& com.atlassian.jira.login.security to DEBUG.
2017-09-27 09:12:09,325 analyticsEventProcessor:thread-1 kgangaraju Setting JIRA Auth Context to be 'kgangaraju'
2017-09-27 09:12:09,325 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,654 http-nio-80-exec-862 anonymous 552x881031x1 bd7j3w 10.81.18.58 /rest/greenhopper/1.0/xboard/work/allData.json The cookie header is '760' characters : 'optimizelyEndUserId=oeu1482934706926r0.3486064234731623; __qca=P0-223010390-1482934707743; rxVisitor=1485353515595VBON37SAPLDT4NO83EI75BDPCTC1GI50; optimizelySegments=%7B%7D; optimizelyBuckets=%7B%7D; s_nr=1504102582326-Repeat; __utma=50468150.799443992.1482873239.1503685203.1504102577.38; __utmz=50468150.1503685203.37.21.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __hstc=9489834.365f06d027e4cabcc7fed512036b9c88.1482934709676.1499879167803.1504102584174.34; hubspotutk=365f06d027e4cabcc7fed512036b9c88; _ga=GA1.2.799443992.1482873239; _gid=GA1.2.420850058.1506453916; JSESSIONID=127244E4D175CCD4C458D56D78FDB2AE; atlassian.xsrf.token=BS0B-PWKG-2TLT-KNYW|63bf8f0c385fb1859874640400b4b57cf973e749|lin; jira.editor.user.mode=wysiwyg'.
2017-09-27 09:12:09,891 http-nio-80-exec-886 anonymous 552x881032x1 1miwtnr 10.70.57.20 /rest/gadget/1.0/login The cookie header is '131' characters : 'atlassian.xsrf.token=BS0B-PWKG-2TLT-KNYW|2ba8f7f483186f98471cd9a4e497e78e265b430f|lout; JSESSIONID=286DF7CDB4DF8E4B25AE0EF009F5E109'.
2017-09-27 09:12:09,907 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,907 http-nio-80-exec-886 anonymous 552x881032x1 1miwtnr 10.70.57.20 /rest/gadget/1.0/login login : 'vandala' tried to login but they do not have USE permission or weren't found. Deleting remember me cookie.
2017-09-27 09:12:09,907 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,922 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,922 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,938 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,938 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,969 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,969 analyticsEventProcessor:thread-1 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:09,969 http-nio-80-exec-886 anonymous 552x881032x1 1miwtnr 10.70.57.20 /rest/gadget/1.0/login The user 'vandala' has FAILED authentication. Failure count equals 49
2017-09-27 09:12:09,969 http-nio-80-exec-886 anonymous 552x881032x1 1miwtnr 10.70.57.20 /rest/gadget/1.0/login Gadget login called with lastLoginResult : com.atlassian.jira.bc.security.login.LoginResultImpl@731e243[reason=AUTHENTICATED_FAILED,loginInfo=com.atlassian.jira.bc.security.login.LoginInfoImpl@234f1a57[lastLoginTime=1497453769572,previousLoginTime=1494251526021,loginCount=64,currentFailedLoginCount=49,totalFailedLoginCount=55,lastFailedLoginTime=1506517929907,elevatedSecurityCheckRequired=false,maxAuthenticationAttemptsAllowed=300],userName=vandala,deniedReasons=[]]
2017-09-27 09:12:10,047 http-nio-80-exec-844 anonymous 552x881033x1 1mkqzmt 10.81.18.76 /rest/api/1.0/menus/greenhopper_menu The cookie header is '711' characters : 'optimizelyEndUserId=oeu1482331331335r0.7919635355681773; __qca=P0-553155517-1482331332791; optimizelySegments=%7B%7D; optimizelyBuckets=%7B%7D; __hstc=9489834.857a454fa590d39ae84f415d1c4d801a.1482331333009.1482331333009.1495048673323.2; hubspotutk=857a454fa590d39ae84f415d1c4d801a; s_fid=4E34C13728EBCCBA-19CE4E9506800E93; s_nr=1505409667550-New; __utma=50468150.791325845.1481830887.1502739867.1505409668.8; __utmz=50468150.1502739867.7.7.utmcsr=flydev.netjets.com|utmccn=(referral)|utmcmd=referral|utmcct=/Welcome/; _ga=GA1.2.791325845.1481830887; jira.editor.user.mode=wysiwyg; JSESSIONID=22225AEB9BFB214856E1EEF42D078C4D; atlassian.xsrf.token=BS0B-PWKG-2TLT-KNYW|b050cd72c9a378774c69a90a9398b3eddb862d10|lin'.
2017-09-27 09:12:10,094 Navlink Plugin Executor:thread-7 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:10,094 Navlink Plugin Executor:thread-7 anonymous Setting JIRA Auth Context to be 'anonymous'
2017-09-27 09:12:10,125 http-nio-80-exec-850 anonymous 552x881034x1 bd7j3w 10.81.18.58 /rest/dev-status/1.0/issue/summary The cookie header is '760' characters : 'optimizelyEndUserId=oeu1482934706926r0.3486064234731623; __qca=P0-223010390-1482934707743; rxVisitor=1485353515595VBON37SAPLDT4NO83EI75BDPCTC1GI50; optimizelySegments=%7B%7D; optimizelyBuckets=%7B%7D; s_nr=1504102582326-Repeat; __utma=50468150.799443992.1482873239.1503685203.1504102577.38; __utmz=50468150.1503685203.37.21.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __hstc=9489834.365f06d027e4cabcc7fed512036b9c88.1482934709676.1499879167803.1504102584174.34; hubspotutk=365f06d027e4cabcc7fed512036b9c88; _ga=GA1.2.799443992.1482873239; _gid=GA1.2.420850058.1506453916; JSESSIONID=127244E4D175CCD4C458D56D78FDB2AE; atlassian.xsrf.token=BS0B-PWKG-2TLT-KNYW|63bf8f0c385fb1859874640400b4b57cf973e749|lin; jira.editor.user.mode=wysiwyg'.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
2017-09-27 09:12:09,969 http-nio-80-exec-886 anonymous 552x881032x1 1miwtnr 10.70.57.20 /rest/gadget/1.0/login The user 'vandala' has FAILED authentication. Failure count equals 49
2017-09-27 09:12:09,969 http-nio-80-exec-886 anonymous 552x881032x1 1miwtnr 10.70.57.20 /rest/gadget/1.0/login Gadget login called with lastLoginResult : com.atlassian.jira.bc.security.login.LoginResultImpl@731e243[reason=AUTHENTICATED_FAILED,loginInfo=com.atlassian.jira.bc.security.login.LoginInfoImpl@234f1a57[lastLoginTime=1497453769572,previousLoginTime=1494251526021,loginCount=64,currentFailedLoginCount=49,totalFailedLoginCount=55,lastFailedLoginTime=1506517929907,elevatedSecurityCheckRequired=false,maxAuthenticationAttemptsAllowed=300],userName=vandala,deniedReasons=[]]
That 'AUTHENTICATED_FAILED' just tells us this username/password failed to login to that LDAP instance. The most common reason is that the password doesn't match the username. But this isn't the only reason. Unable to login to Jira Applications lists the other possible causes:
If a specific group of users are having this error consistently, it could be caused by the ldap.user.dn - A group of users are not able to login due to AUTHENTICATED_FAILED error
So if we rule out all of these possible causes list above here, I think the next steps would be to recreate the User directory in Jira once more. Which would be the same steps to follow to fix the other error. I am not yet convinced the other KB of JIRA drops LDAP configuration - java.naming.provider.url property does not contain a URL isn't the cause of this problem yet.
Even though you stated this user does not exist in that other user directory, if that directory in Jira has become corrupted in Jira's database, and Jira believes that username exists in a higher ordered directory, Jira will only allow the user to login to the highest ordered directory where that username exists.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I haven't been able to redo that configuration, but I was able to disable it and the other configurations, leaving only my Columbus config and he still cannot log in and gets the same error. I'm at a loss at this point.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As an update - Atlassian had me forcibly delete the user from our database, resync with Active Directory and see if that fixed things. It DIDN'T! Anyone else have thoughts??
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
One more update. The same user is not able to log into our Confluence site either. When trying to log in to either JIRA or Confluence, they get the "username or password incorrect" error.
Another interesting tidbit is that we just changed his password and attempted to log in from onsite with the newly change password and also get the same username/pw error...
Thoughts?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mary,
We use the same version 7.4.3, and one of our user is not able to connect.
Do you manage to solve this issue ?
Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This turned out to be a configuration issue for the user on our Active Directory side. Had nothing to do with JIRA.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Mary Wilson can you elaborate on the config issue? We have the same problem with one of our users and cant figure it out.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I had the same issue an I found out, that in the AD the user got manually set a new password with the checkmark "Force user to change password on next login". This was the reason, why the user could not login on other platforms connected to the AD.
Maybe this helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi all
I had the same problem with just one of my user.
I managed to handle the issue : it came from the "logon to" tab of user's AD account.
He had just two computers names instead of nothing (all computers).
Hope this will be usefull for you guys.
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.