My Crumb.sh file is:
crumb=$(curl -u "jenkins:pwd" -s 'http://yuvi_jenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
echo $crumb
curl -u "jenkins:pwd" -H "$crumb" -X POST http://yuvi_jenkins:8080/job/ansible-project/build?delay=0sec
The output I get is:
Jenkins-Crumb:d3950e9f61bc9dd88fba532c17dba1ce220be11b92d78e720464afd38021a3fb
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /job/ansible-project/build. Reason:
<pre> No valid crumb was included in the request</pre></p><hr>Powered by Jetty:// 9.4.z-SNAPSHOT<hr/>
</body>
</html>
Solutions that I have tried:
1) Probably you are accessing jenkins by proxy server, please do following
Go to "Global Security Settings"
Check "Enables the Compatibility Mode for proxies".
Restart
2) To resolve this issue I unchecked "Prevent Cross Site Request Forgery exploits" in jenkins.com/configureSecurity section.
I have tried the above solutions but still I am getting the same error.
According to the Jenkins Documentation here, crumbs are now only valid for the web session in which they were created. To get around this you can store your cookies when making the crumb request, and then use those stored cookies when making subsequent API calls. So your script would become:
crumb=$(curl --cookie-jar ./cookie -u "jenkins:pwd" -s 'http://yuvi_jenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
curl --cookie ./cookie -u "jenkins:pwd" -H "$crumb" -X POST http://yuvi_jenkins:8080/job/ansible-project/build?delay=0sec
Alternatively, the documentation I linked suggests setting the system property hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID to true, or using the Strict Crumb Issuer Plugin to change crumb validation to use something like time rather than session ID.
Thanks to https://github.com/spinnaker/spinnaker/issues/2067#issuecomment-544993648 for helping me solve the same problem
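The session-bound crumb flow from the answer above, written as a reusable script. This is an added example, not code from the original posts: the environment variables JENKINS_URL, JENKINS_USER and JENKINS_TOKEN and the function names are assumptions, and the crumb is assumed to be a hex string like the values quoted on this page.

```shell
#!/bin/sh
# Added example, not from the original posts. JENKINS_URL, JENKINS_USER and
# JENKINS_TOKEN are assumed environment variables.

# Accept only "<HeaderName>:<hex crumb>" (the shape of the crumb values quoted
# above). An HTML 403 page, an empty reply, or anything carrying whitespace or
# CR/LF is rejected before it can reach curl -H.
is_crumb_header() {
  case "$1" in *:*) ;; *) return 1 ;; esac
  _name=${1%%:*}
  _value=${1#*:}
  case "$_name" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  case "$_value" in ''|*[!0-9A-Fa-f]*) return 1 ;; esac
  return 0
}

# Emit a curl config line so credentials travel over stdin (curl -K -)
# instead of appearing in the process list via -u on the command line.
auth_config() {
  printf 'user = "%s:%s"\n' "$JENKINS_USER" "$JENKINS_TOKEN"
}

# usage: trigger_build <url-encoded-job-name>; returns 0 only on "201 Created"
trigger_build() {
  _jar=$(mktemp) || return 1          # private cookie jar holding the session
  _crumb=$(auth_config | curl -sS --fail -K - --cookie-jar "$_jar" \
    "$JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)")
  if ! is_crumb_header "$_crumb"; then
    rm -f "$_jar"
    echo "crumb request did not return a crumb header" >&2
    return 1
  fi
  # Same session cookie plus crumb: the pairing the 403 above was missing.
  _code=$(auth_config | curl -sS -K - --cookie "$_jar" -H "$_crumb" -X POST \
    -o /dev/null -w '%{http_code}' "$JENKINS_URL/job/$1/build")
  rm -f "$_jar"
  [ "$_code" = 201 ]
}
```

Source the file and call `trigger_build ansible-project`; the cookie jar is deleted on every exit path so the session cookie does not linger on disk.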
Related
I'm running Jenkins 2.150.2 in an Openshift Cluster. I'm using a plugin called Jenkins-openshift-login-plugin to log in to the Jenkins account.
When I enable CSRF protection and try to do the curl to trigger a job, it fails and gives the error as
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /job/OpenShift%20Sample/. Reason:
<pre> No valid crumb was included in the request</pre></p><hr>Powered by Jetty:// 9.4.z-SNAPSHOT<hr/>
</body>
</html>
I have the valid crumb and token but still, I'm getting the error.
The command that I'm using for the request is
curl -X POST -H "Authorization: Bearer <Token>" -H "Jenkins-Crumb: <Crumb>" <Jenkins URL>/job/myProject
I do not know what I am doing wrong.
I'm trying to configure my Jenkins to allow remote job trigger using REST API. If I pass username and password using basic authentication header param, I'm able to trigger the job
-u <username>:<api token> http://localhost:8080/job/kp-push-example/build
However, if I pass username and API token in the URL, Jenkins is unable to authenticate; it uses the anonymous user and throws an error, as the anonymous user does not have the privilege to execute the job.
http://<username>:<apitoken>@localhost:8080/job/kp-push-example/build
Below is the error message.
<html>
<head>
<meta http-equiv='refresh' content='1;url=/login?from=%2Fjob%2Fkp-push-example%2Fbuild'/>
<script>window.location.replace('/login?from=%2Fjob%2Fkp-push-example%2Fbuild');</script>
</head>
<body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body>
</html>
How to configure Jenkins to allow url basic auth?
Jenkins version: 2.129
Could you please share which user you are actually using and if it has a valid token?
Also how are you triggering it? Are you using a script, call it with some Server-Logic, ...?
Here's a tested and working example for cURL:
curl -s -XPOST 'http://localhost:8080/job/kp-push-example/build?token=TOKEN' -u "admin:0000ADMIN-TOKEN00000"
I've been trying to trigger a build via the Jenkins API so far with no success. I configured a job on 'Trigger builds remotely' and set a token, 'abc'.
Then in postman I did a post to:
$jenkinsurl:$port/job/$jobname/build?token=abc
And the response is:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Error 403 No valid crumb was included in the request</title>
</head>
<body>
<h2>HTTP ERROR 403</h2>
<p>Problem accessing /job/DCD%20Specifications/build. Reason:
<pre> No valid crumb was included in the request</pre>
</p>
<hr>
<i>
<small>Powered by Jetty://</small>
</i>
<hr/>
</body>
I also tried to use basic authentication with a valid username and password, but to no avail.
I can use gets to retrieve whatever information I want from the Jenkins API just fine; it's only this post that gives me this problem.
I had Jenkins 2.7 and updated to 2.19.4 and both versions give me this problem. What am I doing wrong here?
Pass in POST headers, "Jenkins-Crumb:5740ac1b614ca59f5dd5ef151b2895b3".
Your Crumb can be obtained from the URL http://jenkins:8080/crumbIssuer/api/xml
In the POST body, use the appropriate Jenkins XML API request.
Here are my Postman images with parameters:
This worked for me:
Obtain crumb
$ wget -q --auth-no-challenge --user yourUserName --password yourPassword --output-document - 'http://myJenkins:8080/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'
Now run the Jenkins job
$ curl -I -X POST http://yourUserName:yourPassword@myJenkins:8080/job/JOBName/build -H "Jenkins-Crumb:44e7038af70da95a47403c3bed5q10f8"
HTTP/1.1 201 Created
Date: Fri, 28 July 2017 09:15:45 GMT
X-Content-Type-Options: nosniff
Location: http://myJenkins:8080/queue/item/17/
Content-Length: 0
I need to implement OAuth against an IBM WebSphere server. For that purpose I built a docker environment https://github.com/hhoechtl/websphere-oauth according to http://www.ibm.com/developerworks/websphere/techjournal/1305_odonnell2/1305_odonnell2.html
But if I try to get a token
curl -X POST -H "Accept-Charset: UTF-8" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=password&client_id=LibertyRocks&client_secret=AndMakesConfigurationEasy&username=admin&password=admin' "https://192.168.99.100:9443/oauth2/endpoint/DemoProvider/token"
I get the error
{
"error_description": "CWWKS1406E: The token request had an invalid client credential. The request URI was /oauth2/endpoint/DemoProvider/token.",
"error": "invalid_client"
}
But according to my server.xml that should be correct. What am I missing?
Would you be able to turn on and provide the server trace for that invocation? The message indicates that either credentials weren't found in the request, or credentials were found but were invalid for that client. It would be useful to know which is the case here.
You can enable trace by adding this snippet to your server.xml:
<logging traceSpecification="*=info=enabled:com.ibm.ws.security.*=all=enabled:com.ibm.oauth.*=all=enabled" />
The next day it just worked, no idea why.
I am reading the documentation of symfony1.4 because I have to learn it due to legacy code. At some point the documentation says:
Then, download the symfony configuration checker script at the following URL:
So I'd tried to run
$ curl -d "" http://sf-to.org/1.4/check.php
I received the message:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
</body></html>
Then, I've tried to run
$ curl -d "" http://svn.symfony-project.com/branches/1.4/data/bin/check_configuration.php
getting this error:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
In my opinion it's best to use the git repository of symfony:
https://github.com/symfony/symfony1
The check_configuration.php file can be found here:
https://github.com/symfony/symfony1/blob/1.4/data/bin/check_configuration.php
or if you want just the contents of the file:
https://raw.github.com/symfony/symfony1/1.4/data/bin/check_configuration.php