Jira REST API get myself returns 401 after user was locked and the Jira admin unlocked it

We have a weird situation here. The setup is as follows:

  • Jira Server with SSO authentication
  • an internal application that pings the Jira REST API with basic authentication credentials

When a user is accidentally locked out of Jira after 6 attempts (response 403), the Jira admin manually resets his failed login counter. Seconds after the reset, he tries to log in with the correct credentials and the REST API still returns 401.

Does anyone have any idea what is causing the issue?
I am 100% sure the credentials in the request header are set correctly because I debugged the internal app, copied the header and decoded it to check the values.
Another check that I’ve done: after the failed attempts were reset, I tried to execute a curl command instead of using the internal application and got exactly the same 401 response.
And one more note: even after a successful login, the current login failures counter doesn’t reset.

Hello @DianaR

You didn’t say if the basic authentication to the Jira Server is being done with usernames and passwords, or with access tokens.

If it’s tokens, did the problem persist after the user generated a new access token and tried that instead of the old token?

@sunnyape it is an encoded username:password header value

@DianaR

Well, that’s about the limit of the help I can provide. Essentially speaking, for requests to the REST API to work using basic auth with usernames and passwords, the session must be allowed to bypass the SSO authentication. Your SSO solution may have made some other change to the user’s account to block basic auth as a consequence of having blocked that user.

You’ll have to work with your ITS team and the SSO solution provider to troubleshoot the problem for that affected user.

2 Likes

@sunnyape thank you for your reply. OK, I will dig into it further with our ITS team.
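The two checks discussed in this thread (decoding the Basic header, then working out which layer refused the request) can be scripted; this is an added example, not code from any participant. It assumes the response carries Jira Server's `X-Seraph-LoginReason` and `X-Authentication-Denied-Reason` headers, which the thread does not mention; the sample values are constructed and the reading of a missing header is a heuristic.

```python
import base64
import binascii

def decode_basic(header_value):
    """Return (username, password_length) for an 'Authorization: Basic' value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("token is not valid base64/UTF-8") from exc
    # Split on the first colon only: the password may itself contain ':'.
    user, sep, password = raw.partition(":")
    if not sep or not user:
        raise ValueError("decoded value is not username:password")
    return user, len(password)  # report the length, never log the password

def triage(status, headers):
    """Classify a response from the 'myself' resource by status and headers."""
    h = {k.lower(): v for k, v in headers.items()}
    reason = h.get("x-seraph-loginreason", "")
    denied = h.get("x-authentication-denied-reason", "")
    if status == 200:
        return "authenticated"
    if "CAPTCHA_CHALLENGE" in denied:
        return "captcha-required"      # failed-login counter is over the limit
    if "AUTHENTICATION_DENIED" in reason:
        return "login-denied"          # Jira refused to attempt the login
    if "AUTHENTICATED_FAILED" in reason:
        return "credentials-rejected"  # Jira tried the login and it failed
    if status in (401, 403):
        # Assumption: with no Seraph header, the refusal may come from a layer
        # other than Jira's own login check (SSO filter, reverse proxy).
        return "no-seraph-reason"
    return "unclassified"

# Constructed sample data, not captured from a real instance.
SAMPLE_AUTH = "Basic " + base64.b64encode(b"jdoe:not-a-real:password").decode()
SAMPLE_LOCKED = (403, {
    "X-Seraph-LoginReason": "AUTHENTICATION_DENIED",
    "X-Authentication-Denied-Reason": "CAPTCHA_CHALLENGE; login-url=https://jira.example.invalid/login.jsp",
})
SAMPLE_BAD_LOGIN = (401, {"X-Seraph-LoginReason": "AUTHENTICATED_FAILED"})

if __name__ == "__main__":
    print(decode_basic(SAMPLE_AUTH))
    for name, sample in [("locked", SAMPLE_LOCKED), ("bad login", SAMPLE_BAD_LOGIN)]:
        print(name, "->", triage(*sample))
```

Feed `triage` the status and headers from a verbose curl run against the affected account; the label says whether to look at the failed-login counter, the user directory, or the SSO layer first.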