-
Type:
Bug
-
Resolution: Won't Fix
-
Priority:
Low
-
None
-
Affects Version/s: 9.1.0
-
Component/s: Server - Authentication
-
None
-
Severity 3 - Minor
With atlassian new authentication enabled (since 9.1.0), doauthentication.action with redirection to admin page does not work in non browser env, as the web sudo authenticated jsessionid in cookie from the doauthentication.action response does not work when used in the follow redirect request for the target admin page
Issue Summary
This is reproducible on Data Center: YES
Issue logs
Steps to Reproduce
Using postman or terminal (with curl ) to call `doauthenticate.action` with:
- Authentication
- basic auth using an admin credential
- header:
- X-Atlassian-Token: no-check
- body:
-
- password: your-password
- authenticate: Confirm
- destination: /admin/scheduledjobs/viewscheduledjobs.action (or any admin path)
-
Expected Results
Successfully render the content of destination admin page
Actual Results
Been redirected to admin web sudo authentication dialog again
Workaround 1
Revert back to the legacy authentication mode with jvm property: `-Datlassian.authentication.legacy.mode=true`
