How to get a list of locally authenticating users?

ChristopherChilds
Contributor
March 25, 2022

Hello,

We have recently enabled SAML and dual authentication for our Jira Server instance.
However, we are conscious that it is possible to bypass this authentication by just using the previously valid password for the username.

Instead of just running a password reset for most users, I would prefer to see who is still accessing Jira via local authentication and not against our ADFS. Is there a database query one can use for this?

As a side note, we still have edge cases where SAML cannot be used for all users.

2 answers

2 accepted

0 votes
Answer accepted
ChristopherChilds
Contributor
March 28, 2022

As per my earlier response to Ed, I have seen that I can use the access logs to do what I want.
In the access logs, I can see that username/password logins are recorded in the following manner:
atlassian-jira-security.log:116053:2022-03-28 13:20:08,717+0200 http-nio-9001-exec-279 url: /login.jsp USERNAME... .../login.jsp The user 'USERNAME' has PASSED authentication.

All I did was to download the logs in a Support zip file and run the following PowerShell command against it:

$output = Select-String -Pattern "url: /login.jsp" -Path "atlassian-jira-security.log" | Select-String -Pattern " has PASSED authentication" | ForEach-Object { [regex]::match($_,"'(.*?)'").Groups[1].Value } | Sort-Object -Unique

So far, this is just an example of how I found the solution. There could be a more refined way of doing it. I am always open to further suggestions.

Ed Letifov _TechTime - New Zealand_
Rising Star
March 28, 2022

OK, so this relies on /login.jsp being the "endpoint" where authentication has occurred. This will work, but indeed is not enough for what I was looking for – as I need to also catch REST updates and basic authentication for any endpoint.

0 votes
Answer accepted
Ed Letifov _TechTime - New Zealand_
Rising Star
March 25, 2022

Hello, @ChristopherChilds 

I am from TechTime, a vendor of EasySSO app, and just yesterday I had to resolve a matter (completely unrelated to SSO) where I needed to identify if the LoginEvent in Jira came from a REST request using basic authentication as opposed to the user actually logging in – I kinda discovered that it's not really possible to see at this level. Especially since that (as well as your question) relates to the default authentication pathway.

A 3rd party or Atlassian's SSO app can certainly record when the SSO login happens, but this is the opposite of what you are after.

I can only suggest to raise a query with Atlassian support.

ChristopherChilds
Contributor
March 28, 2022

Thanks Ed for the response. I think I have actually seen an alternative way to do this.
I am only really interested in seeing the users who are actually still logging in with the Login button and not via SSO.
This is actually recorded in the logs.

Looking at the Access logs, when a user logs in with the username and password and not via SSO I would see the following entry:
atlassian-jira-security.log:116053: 2022-03-28 13:20:08,717+0200 http-nio-9001-exec-279 url: /login.jsp USERNAME ... ... /login.jsp The user 'USERNAME' has PASSED authentication.

Via our SSO plugin the authentication is not logged here in this format.

Max Foerster - K15t
Community Champion
March 28, 2022

@ChristopherChilds

Your initial response and the two others were automatically marked as spam because of their content. I undid that and just wanted to let you know. Have a great day! :) Best, Max

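The log filter described in both answers above (PASSED authentication on /login.jsp in atlassian-jira-security.log means a username/password login rather than an SSO login), as an added example that is not code from the thread or from Atlassian. It is written in Python rather than the PowerShell one-liner so it can be run against the whole set of rotated log files from a support zip and give a per-user count and last-seen time, which is what you need to prioritise password resets. Assumptions: the sample lines are constructed to match the shape of the excerpt quoted in the thread (timestamp, thread name, `url: <path>`, elided fields, then `The user '<name>' has PASSED authentication.`); the placeholder tokens stand in for the fields the post elides with "..."; the `FAILED` variant of the message, the `/rest/...` line and the `file:lineno:` grep/Select-String prefix are assumptions and are handled but not confirmed by the thread. Successful authentications on URLs other than the login page are reported in a separate bucket rather than dropped, which is the gap Ed points out: the login-page filter alone says nothing about basic-auth REST calls.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input (not real log data). Field layout follows the
# excerpt quoted in the thread; "placeholder" stands in for the fields the
# post elides with "...". The FAILED lines, the /rest/ line and the
# "file:lineno:" prefix on the first line are assumptions, not from the thread.
SAMPLE_LOG = """\
atlassian-jira-security.log:116053:2022-03-28 13:20:08,717+0200 http-nio-9001-exec-279 url: /login.jsp alice placeholder placeholder /login.jsp The user 'alice' has PASSED authentication.
2022-03-28 13:22:41,003+0200 http-nio-9001-exec-12 url: /login.jsp bob placeholder placeholder /login.jsp The user 'bob' has FAILED authentication.
2022-03-28 13:23:02,118+0200 http-nio-9001-exec-12 url: /login.jsp bob placeholder placeholder /login.jsp The user 'bob' has PASSED authentication.
2022-03-29 08:01:55,400+0200 http-nio-9001-exec-7 url: /login.jsp alice placeholder placeholder /login.jsp The user 'alice' has PASSED authentication.
2022-03-29 09:15:10,777+0200 http-nio-9001-exec-31 url: /rest/api/2/myself svc-build placeholder placeholder /rest/api/2/myself The user 'svc-build' has PASSED authentication.
2022-03-29 09:16:00,000+0200 http-nio-9001-exec-31 some unrelated line without the authentication message
"""

LOGIN_PAGE = "/login.jsp"

# Optional "<file>.log:<lineno>:" prefix (what grep / Select-String prepend),
# then timestamp, thread, "url: <path>", anything, then the fixed message.
# The username is matched greedily so a quote inside a name does not truncate it.
LINE_RE = re.compile(
    r"^(?:\S+\.log:\d+:)?"
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}[+-]\d{4}) "
    r"(?P<thread>\S+) url: (?P<url>\S+) .*"
    r"The user '(?P<user>.*)' has (?P<result>PASSED|FAILED) authentication\.$"
)


@dataclass
class AuthEvent:
    ts: datetime
    thread: str
    url: str
    user: str
    result: str  # "PASSED" or "FAILED" (FAILED is assumed, see above)


def parse_security_log(text: str) -> list:
    """Return one AuthEvent per line that carries the authentication message."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without the message are irrelevant here
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f%z")
        events.append(AuthEvent(ts, m["thread"], m["url"], m["user"], m["result"]))
    return events


def _path(url: str) -> str:
    return url.split("?", 1)[0]  # ignore any query string when comparing paths


def local_form_logins(events: list) -> dict:
    """Users who PASSED on the login page -> (count, last seen), i.e. still
    using a local password instead of SSO."""
    summary = {}
    for e in events:
        if e.result != "PASSED" or _path(e.url) != LOGIN_PAGE:
            continue
        count, last = summary.get(e.user, (0, None))
        summary[e.user] = (count + 1, e.ts if last is None else max(last, e.ts))
    return summary


def passed_outside_login_page(events: list) -> list:
    """PASSED events on any other URL. If Jira logs basic-auth REST calls in
    this format (an assumption), they land here; the login-page filter alone
    would silently miss them."""
    return [e for e in events if e.result == "PASSED" and _path(e.url) != LOGIN_PAGE]


def report(text: str) -> list:
    """Human-readable summary lines, one per finding."""
    events = parse_security_log(text)
    lines = []
    for user, (count, last) in sorted(local_form_logins(events).items()):
        lines.append(f"local login: {user:<12} {count:>3}x  last {last.isoformat()}")
    for e in passed_outside_login_page(events):
        lines.append(f"passed on other URL: {e.user} {e.url} at {e.ts.isoformat()}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it over every rotated atlassian-jira-security.log* file concatenated, not just the current one: a user who is absent from the output has simply not used the login form within the retention window of the logs you have, which is not the same as that user being unable to. The "passed on other URL" bucket is there to make the scope of the check visible; as Ed says, confirming whether those were basic-auth REST calls needs something other than this log.
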
