Lockout recovery process without a Bitbucket restart when SSO is configured

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Commonly the lockout recovery process detailed in this public document is used. Such a lockout process requires a restart to get back access to the application. When SSO fails we may want to retrieve back access without restarting bitbucket. How to proceed?

Solution

Since a restart is not an option. You can make a cURL call to remove SSO temporarily if you have an internal user that is an admin. ℹ️ using a username and password for an administrator configured in your internal user directory

cURL

1 curl -u admin_user:admin_password -X DELETE http://BASE_URL/rest/authconfig/1.0/sso

Reference: SAML single sign-on for Atlassian Data Center applications - Troubleshooting

Updated on April 24, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community