We have a weird situation here. The setup is as follows:
- Jira Server with SSO authentication
- an internal application that pings JIRA rest api with basic authentication credentials
When user is by accident locked out in jira after 6 attempts (response 403), the jira admin resets manually his failed login counter. Seconds after reset, he tries to login with correct credentials and the rest api is still returning 401.
Anyone has any idea what is causing the issue?
I am 100% sure the credentials in request header are set correct because I debugged the internal app, copied the header and decoded to check the values.
Another check that I’ve done, after the failed attempts are reset, I tried to execute a curl command, not use the internal application and have exactly the same response 401.
And one more note - even after a success login, the current login failures counter doesn’t reset.