We have a weird situation here. The setup is as follows:
Jira Server with SSO authentication
An internal application that pings the Jira REST API with basic authentication credentials
When a user is accidentally locked out of Jira after 6 attempts (response 403), the Jira admin manually resets his failed login counter. Seconds after the reset, he tries to log in with the correct credentials and the REST API is still returning 401.
Does anyone have any idea what is causing the issue?
I am 100% sure the credentials in the request header are set correctly because I debugged the internal app, copied the header and decoded it to check the values.
Another check that I’ve done: after the failed attempts were reset, I tried executing a curl command instead of using the internal application, and got exactly the same 401 response.
And one more note: even after a successful login, the current login failures counter doesn’t reset.
Well, that’s about the limit of the help I can provide. Essentially speaking, for requests to the REST API to work using basic auth with usernames and passwords, the session must be allowed to bypass the SSO authentication. Your SSO solution may have made some other change to the user’s account to block basic auth as a consequence of having blocked that user.
You’ll have to work with your ITS team and the SSO solution provider to troubleshoot the problem for that affected user.