Disable Basic Authentication Method

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

When using all external authentication methods, for example, SAML or LDAP, basic authentication will be disabled by default starting from Artifactrory version 7.104.0. This means that Basic authentication is disabled for both UI and REST API, and that all forms of automations, scripts, and plugins using basic authentication are also disabled.

We recommend to leave basic authentication disabled, in order to avoid double authentication with a less secure password-based method. However, if you need to continue using it, you can continue using it using the following method:

  1. Go to Security > General and find the Basic Authentication section

  2. Deselect the Disable Basic Authentication for JFrog Platform Internal Users checkbox

Before Disabling Basic Authentication

Before disabling, do the following to ensure the external users have the necessary permissions and prevent a system lockout:

Warning

If an external system admin is not configured before basic authentication is disabled, the system will be left without administrators. If this occurs and the system is locked out, contact JFrog Support for assistance.

  1. Configure an external authentication method

  2. Create a user group for the external users, and provide the users with Admin permissions

  3. (Optional) Set one or more users with basic authentication permissions as a failsafe, so that the system will not be locked out

  4. Disable the basic authentication method

Set Individual Basic Authentication Permissions

When disabling basic authentication, you can assign permissions to specific users in your environment to continue using basic authentication:

  1. In the Administration tab, go to Security > General, and find the Basic Authentication section.

  2. In the Internal users allowed to use basic authentication field, enter the users you would like to assign basic authentication permissions to from the drop-down menu

    Internal_users_allowed_to_use_basic_authentication.png
  3. Click Save.

Re-enable Basic Authentication

If you have disabled basic authentication without enabling an external authentication method and were blocked from using the platform, you can take these steps:

  • For Cloud users, contact JFrog Support for assistance

  • For Self-Hosted users, use the following workaround:

    To re-enable basic authentication:

    1. Go to the YAML file /opt/jfrog/artifactory/var/etc/access/access.config.latest.yml and find this section:

      security:
        authentication:
          basic-authentication-enabled: false
    2. Copy the file with the new name access.config.import.yml:

      cp access.config.latest.yml access.config.import.yml
    3. Edit this new access.config.import.yml file and set the basic-authentication-enabled parameter to true:

      security: authentication: basic-authentication-enabled: true
    4. Restart Artifactory.