Webstorm Authentication Failed. Please Check Your Credentials and Try Again

For security reasons, Bitbucket Server east

Summary

Bitbucket Server end users or build systems need their CAPTCHA cleared often

This means that CAPTCHA verification is enabled and they probably have a script somewhere trying to clone repos with incorrect credentials. External tools (git clients: sourceTree, TortoiseGit) which attempt to access a repository on Bitbucket Server randomly get access denied, as Bitbucket is asking for CAPTCHA input. This happens randomly, and it can be a big nuisance within our automatic build environment.

For security reasons, we recommend you pin down what is failing to log in with the incorrect username/password rather than disabling CAPTCHA.

Disabling CAPTCHA can be achieved by following the guide below.

How can you identify which user is being blocked?

You can enable Audit logging on your instance

  • View and configure the audit log
  • Look for entries like the one below in BITBUCKET_HOME/log/audit:

                    0:0:0:0:0:0:0:1 | AuthenticationFailureEvent | - | 1392111196025 | username | {"authentication-method":"form","error":"Invalid username or password."} | 633x670x0 | 1xzqso0

    You can also use the following query on Bitbucket's database:

            SELECT us.user_name FROM cwd_user_attribute AS atr JOIN cwd_user AS us ON atr.user_id=us.id WHERE atr.attribute_name = 'failedAuthenticationAttemptCount' AND CAST(atr.attribute_value AS integer) >= 5;

Common cause for CAPTCHA being triggered and users being blocked:

  • A _netrc file could be configured and causing invalid requests: Permanent authentication for Git repositories over HTTP(S)

Solution

How can I clear CAPTCHA for a specific user?

You can clear CAPTCHA for a Bitbucket Server user if you have "System Administrator" Global permissions assigned to you directly on the user's page.

How to disable CAPTCHA?

For security reasons, Bitbucket Server end users will be prompted to enter a CAPTCHA after failing to log in 5 times in a row. This value is set by default.

You can disable CAPTCHA. However, we haven't surfaced this functionality in the Bitbucket Server admin UI as we think that it should be enabled by default and there are a few caveats when disabling it (e.g. risk of brute force attacks).

Disabling CAPTCHA will have the following ramifications:

  • Your users may lock themselves out of any underlying user directory service (LDAP, Active Directory etc) because Bitbucket Server will pass through all authentication requests (regardless of the number of previous failures) to the underlying directory service.
  • For Bitbucket Server installations where you use Bitbucket Server for user management or where you use a directory service with no limit on the number of failed logins before locking out users, you will open Bitbucket Server or the directory service up to brute-force password attacks.

In order to disable CAPTCHA as part of the authentication, set the feature.auth.captcha property to false in your BITBUCKET_HOME/shared/bitbucket.properties for Bitbucket Server 3.2+ releases or BITBUCKET_HOME/bitbucket.properties if you are on a previous release.

You will have to create the bitbucket.properties file in the shared folder of your Bitbucket Server home directory if it doesn't already exist. Add the system property feature.auth.captcha=false.

The default value for it is true.

Bitbucket Server must be restarted after making this change for it to take effect.

What is the "CAPTCHA on Sign up" I see on the UI?

This CAPTCHA use case is completely different from the CAPTCHA on login as described above. Read on for more details.

You can find the screen below under Administration Cog Icon >> Authentication

This screen is related to the "Public Sign up" feature (whether to enable it or not) in Bitbucket Server. The "Public Sign up" feature (when enabled) allows external users to create accounts on your Bitbucket Server instance through the login screen. Thus you might be able to make sure only humans are signing up to your public instance by enabling CAPTCHA. Notice that the CAPTCHA option can only be enabled if you "Allow public sign up".

When you enable that feature, the following is added to your Bitbucket Server login screen:

The CAPTCHA option on the first image refers to enabling CAPTCHA during the "Public Sign up" process and has nothing to do with the login CAPTCHA. See, for example, a sign up screen for an instance that's got it enabled:

Which conditions lead to the increase in the count of failed attempts?

  • Personal access tokens will NOT trigger CAPTCHA even with repeated auth failures.

The CAPTCHA message is displayed on the next attempt to log in after 4 incorrect ones. All of the following ways count towards the limit:

  • the log-in screen in the user interface
  • a git operation that requires authentication using the command line (e.g. a git push)
  • a REST API endpoint call

Note about AuthenticationFailureEvent and failedAuthenticationAttemptCount

As described in BSERV-9904, in certain conditions the AuthenticationFailureEvent will be logged twice in the audit log. However, this will not increment the failedAuthenticationAttemptCount on a single login attempt.

In other words, if the AuthenticationFailureEvent is logged only once and the clone URL did not contain a password, then the failedAuthenticationAttemptCount will not be increased. This means that users will not see CAPTCHA messages earlier than the configured failed authentication count as a result of this. (I only validated that with version 5.11.1 of Bitbucket.)

The AuthenticationFailureEvent logged twice for the same user in a short timeframe would indicate that the authentication really failed.
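To find which account and source host is burning through login attempts, the audit log can be summarized per user. The following is an added example, not code from the original article or from Atlassian: it reads lines in the audit layout shown earlier, collapses the double-logged AuthenticationFailureEvent entries into single attempts, and flags users at or above the default limit of 5. The field positions are taken from the sample line on this page; the 2-second pairing window and all sample lines are assumptions constructed for the example.

```python
from collections import defaultdict

PAIR_WINDOW_MS = 2000   # assumption: a double-logged pair lands within 2 seconds
CAPTCHA_THRESHOLD = 5   # this page's default: CAPTCHA after 5 failed logins in a row

# Constructed sample in the audit-log layout shown on this page (not real data).
_DETAIL = '{"authentication-method":"basic","error":"Invalid username or password."}'
_BASE = 1392111196025
SAMPLE_LOG = "\n".join(
    [f"10.0.0.7 | AuthenticationFailureEvent | - | {_BASE + off} | builduser | {_DETAIL} | 633x670x0 | -"
     for off in (0, 40, 60000, 60030, 120000, 120020, 180000, 180050, 240000, 240010)]
    + [f"10.0.0.9 | AuthenticationFailureEvent | - | {_BASE + 5000} | alice | {_DETAIL} | 640x1x0 | 1xzqso0",
       f"10.0.0.9 | ConstructedOtherEvent | - | {_BASE + 9000} | alice | - | 641x2x0 | 1xzqso0"]
)


def parse_failures(text):
    """Return (user, source_ip, timestamp_ms) for each AuthenticationFailureEvent line."""
    events = []
    for line in text.splitlines():
        fields = line.strip().split(" | ", 5)  # the JSON details stay inside fields[5]
        if len(fields) == 6 and fields[1] == "AuthenticationFailureEvent" and fields[3].isdigit():
            events.append((fields[4], fields[0], int(fields[3])))
    return events


def summarize(text):
    """Collapse double-logged events into single attempts and count attempts per user."""
    per_user = defaultdict(list)
    for user, ip, ts in sorted(parse_failures(text), key=lambda e: e[2]):
        per_user[user].append((ts, ip))
    report = {}
    for user, events in per_user.items():
        attempts, duplicates, start = 0, 0, None
        for ts, _ip in events:
            if start is not None and ts - start <= PAIR_WINDOW_MS:
                duplicates += 1      # second log entry for the same attempt
            else:
                attempts, start = attempts + 1, ts
        report[user] = {
            "attempts": attempts,
            "duplicates": duplicates,
            "sources": sorted({ip for _ts, ip in events}),
            "captcha_likely": attempts >= CAPTCHA_THRESHOLD,
        }
    return report


if __name__ == "__main__":
    for user, row in summarize(SAMPLE_LOG).items():
        print(user, row)
```

The summary does not model the counter being reset by a successful login, so treat the attempt count as an upper bound and confirm against failedAuthenticationAttemptCount in the database.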

The following will be displayed to the users when performing the next log-in:

  • the CAPTCHA screen when logging in via the user interface
  • the following message when performing a git operation from the command line

                    fatal: remote error: CAPTCHA required Your Bitbucket account has been locked. To unlock it and log in again you must solve a CAPTCHA. This is typically caused by too many attempts to login with an incorrect password. The account lock prevents your SCM client from accessing Bitbucket and its mirrors until it is solved, even if you enter your password correctly.

                    If you are currently logged in to Bitbucket via a browser you may need to logout and then log back in in order to solve the CAPTCHA.

                    Visit Bitbucket at <Bitbucket_Server_url> for more details.

  • the following message when performing a REST API endpoint call

                    {"errors":[{"context":null,"message":"Authentication failed. Please check your credentials and try again.","exceptionName":"com.atlassian.bitbucket.auth.IncorrectPasswordAuthenticationException"}]}
                    [root@localhost tmp]# <REST API end point command details>
                    {"errors":[{"context":null,"message":"CAPTCHA required. Your Bitbucket account has been locked. To unlock it and log in again you must solve a CAPTCHA. This is typically caused by too many attempts to login with an incorrect password. The account lock prevents your SCM client from accessing Bitbucket and its mirrors until it is solved, even if you enter your password correctly.\n\nIf you are currently logged in to Bitbucket via a browser you may need to logout and then log back in in order to solve the CAPTCHA.\n\nVisit Bitbucket at <Bitbucket_Server_url> for more details.","exceptionName":"com.atlassian.bitbucket.auth.CaptchaRequiredAuthenticationException"}]}

The following conditions may lead Bitbucket Server to continuously ask for CAPTCHA

  • CAPTCHA will be reset only after a successful login. If the failed login count configured for Bitbucket Server and AD/LDAP is the same, the user account may get locked in AD/LDAP after the failed attempts and Bitbucket triggers CAPTCHA. This will never be cleared, as the user will never be able to log in until the account is unlocked in AD/LDAP. This may be mistaken for Bitbucket Server continuously asking for CAPTCHA.


Source: https://confluence.atlassian.com/bitbucketserverkb/how-to-configure-captcha-in-bitbucket-server-779171704.html
