The recently-released Build Token Root Plugin seems to work around this limitation:
https://wiki.jenkins-ci.org/display/JENKINS/Build+Token+Root+Plugin If you're having this issue, try the new plugin. (Thanks to Daniel Beck on stack overflow <http://stackoverflow.com/q/16267060/274008>!) Stuart On Sunday, April 28, 2013 12:26:56 PM UTC-7, Stuart Montgomery wrote: > > Hey folks, > > Having a problem with triggering builds with authentication enabled and > wondering if anyone has ideas. I have Global Security configured to use > LDAP with "Project-based Matrix Authorization Strategy" enabled. The > "Anonymous" user has the "Job > Build" privilege, and no other privileges > (in particular, the "Anonymous" user does NOT have "Overall > Read" > privilege, since I don't want everyone to be able to view the list of jobs > and other general information). > > I want an automated script to be able to trigger a build using the > "Trigger Builds Remotely" feature, where I specify a "?token=[token]" value > and the standard authentication should be bypassed, as long as the [token] > value matches the one I set in the job's Configure page. The goal is to NOT > need to provide a regular username/password in the request but simply > provide the token for this specific job. > > The documentation seems to indicate this should work: > https://wiki.jenkins-ci.org/display/JENKINS/Quick+and+Simple+Security > > So specifically, I am expecting this HTTP request to work: > > curl -i https://jenkinsHost/job/ProjectName/build?token=test > > But I get: > > [~]$ curl -i https://jenkinsHost/job/ProjectName/build?token=test > HTTP/1.1 403 Forbidden > Date: Sat, 27 Apr 2013 23:17:03 GMT > Server: Winstone Servlet Engine v0.9.10 > Content-Type: text/html;charset=UTF-8 > Content-Length: 629 > X-Powered-By: Servlet/2.5 (Winstone/0.9.10) > Set-Cookie: JSESSIONID.e9bc4765=e1f0a30b9f04b3740bae527a7822b2d5; Path=/; > HttpOnly > Connection: close > > <html><head><meta http-equiv='refresh' > content='1;url=/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest'/> > <script> > > window.location.replace('/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest');</script> > </head> > <body style='background-color:white; color:white;'> > Authentication required > </body></html> > > When I DO use API authentication, the request works: > > curl -i --username "test_user:API_KEY" > https://hostname/job/ProjectName/build?token=test > > But again, according to the documentation I think it is supposed to bypass > the global authentication if ?token is present and matches the project > token I configure. Why is this not working? What other information/logs can > I provide? > > I have filed an issue on Jenkins JIRA, but wanted to ping this group as > well to see if anyone has ideas. Issue is at: > https://issues.jenkins-ci.org/browse/JENKINS-17764 > > Thanks for your help, > Stuart > > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
