
Jenkins: 'Trigger Builds Remotely' with ?token not working when Matrix Authorization Strategy is used

I'm having a problem with triggering builds in Jenkins with authentication enabled and wondering if anyone has ideas.

I have Global Security configured to use LDAP with "Project-based Matrix Authorization Strategy" enabled. The "Anonymous" user has the "Job > Build" privilege, and no other privileges (in particular, the "Anonymous" user does NOT have "Overall > Read" privilege, since I don't want everyone to be able to view the list of jobs and other general information).

I want an automated script to be able to trigger a build using the "Trigger Builds Remotely" feature, where I specify a ?token=[token] value in the URL and the standard authentication should be bypassed, as long as the [token] value matches the one I set in the job's Configure page. The goal is to NOT need to provide a regular username/password in the request but simply provide the token for this specific job.

The documentation seems to indicate this should work:
https://wiki.jenkins-ci.org/display/JENKINS/Quick+and+Simple+Security

So specifically, I am expecting this HTTP request to work:

curl -i https://jenkinsHost/job/ProjectName/build?token=test

But I get:

[~]$ curl -i https://jenkinsHost/job/ProjectName/build?token=test
HTTP/1.1 403 Forbidden
Date: Sat, 27 Apr 2013 23:17:03 GMT
Server: Winstone Servlet Engine v0.9.10
Content-Type: text/html;charset=UTF-8
Content-Length: 629
X-Powered-By: Servlet/2.5 (Winstone/0.9.10)
Set-Cookie: JSESSIONID.e9bc4765=e1f0a30b9f04b3740bae527a7822b2d5; Path=/; HttpOnly
Connection: close

<html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest'/>
<script>
window.location.replace('/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest');</script>
</head>
<body style='background-color:white; color:white;'>
Authentication required
</body></html>

When I DO use API authentication, the request works:

curl --user "test_user:API_KEY" https://hostname/job/ProjectName/build?token=test

But again, according to the documentation I think it is supposed to bypass the global authentication if ?token is present and matches the project token I configure. Why is this not working? What other information/logs can I provide?

asked Apr 28 '13 19:04

Stuart M



1 Answer

There's a new plugin that allows you to do that even when Jenkins prohibits anonymous read access:

Build Token Root Plugin

Use:

$ curl 'http://jenkins/buildByToken/build?job=jobname&token=mytoken'
Scheduled.

Likewise with buildWithParameters.

answered Nov 03 '22 01:11

Daniel Beck
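
An added example, not part of the answer above or of the plugin's own code: a wrapper for the `buildByToken` call that percent-encodes the job name and token, and hands the URL to curl on stdin so the token does not appear in the process list. The function names and the token-file argument are hypothetical; it assumes the Build Token Root Plugin is installed and that job names and tokens are ASCII.

```shell
#!/bin/sh
# Percent-encode everything except RFC 3986 unreserved characters (ASCII input assumed).
urlencode() (
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}            # string without its first character
        c=${s%"$rest"}         # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Emit a curl config line for the buildByToken endpoint.
#   $1 = Jenkins base URL, $2 = job name, $3 = file holding the job's token
token_trigger_config() (
    base=${1%/}
    token=$(cat "$3") || exit 1
    [ -n "$token" ] || { echo "empty token file: $3" >&2; exit 1; }
    printf 'url = "%s/buildByToken/build?job=%s&token=%s"\n' \
        "$base" "$(urlencode "$2")" "$(urlencode "$token")"
)

# Trigger the build. The URL reaches curl through stdin (--config -), so the
# token is not visible in argv; --fail turns a 403 like the one in the
# question into a non-zero exit status instead of silently printing HTML.
trigger_build() {
    cfg=$(token_trigger_config "$@") || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail --config -
}

# Usage (hypothetical token path):
#   trigger_build https://jenkinsHost ProjectName /etc/jenkins/projectname.token
```

The token still travels in the query string, so it is recorded in web-server and proxy access logs; use an https:// base URL and restrict read access to the token file.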