I tried connecting Jenkins with Gitlab, while using System hooks in the Gitlab repository.
It is throwing me the following error :
Hook executed successfully but returned HTTP 403 window.location.replace('/login?from=%2Fjenkins%2Fproject%2FContinious_Integration');
Authentication required Hook executed successfully but returned HTTP 403 window.location.replace('/login?from=%2Fjenkins%2Fproject%2FContinious_Integration'); Authentication required
Open Jenkins global configuration -> require authorization for /project endpoint
Copy userid and API key for a Jenkins user who has authorization to
run the job
Create a webhook on GitLab to trigger the job,
Use HTTP basic auth (Below format)
user:apikey#gitlab/project/jobname
This worked for me..!
Related
My Jenkins is running in an azure app service as a java web application. as soon the app service started jenkins started & running successfully.
Im accessing Jenkins UI using the url https://app-service-url/jenkins
I logged into jenkins with initial admin password The next step is to choose install suggested plugin & select plugins to install
upon clicking any of this options im getting "Error ocurred during installation".
However After few retries plugins are installed but for all further operation I do it is giving Http 403- Forbidden.
I tried to add Jdk in Global Tool Configuration before adding values it is throwing error and even I save it ends with 403-forbidden result.
I could not able to do anything in jenkins I failed to install new plugins,setup basic configuration,run commands in jenkins script console etc.
In all the cases periodically receiving Http 403-Forbidden.
In jenkins system log I found the messages.
Solutions Tried:
Tried to enable "Enable proxy compatibility" in GlobalSecurity - but 403-Forbidden
Added hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true in my app service Configuration(Similar to setting the Env Variable)
Created init.groovy script in JENKINS_HOME and added below commands
def instance = Jenkins.instance
instance.setCrumbIssuer(null)
Tried to install strict-crumb-issuer jenkins plugin but failed to install
Note: I tried latest jenkins version 2.375 as well as the downgraded version(2.361.2,2.332 etc).
looking for a solution to fix this no valid crumb Http 403- forbidden.
I have a simple jenkins job that just runs aws ssm send-command and it fails with:
"An error occurred (AccessDeniedException) when calling the SendCommand operation: User: arn:aws:sts::1234567890:assumed-role/jenkins-live/i-1234567890abc is not authorized to perform: ssm:SendCommand on resource: arn:aws:ssm:us-east-1:1234567890:document/my-document-name"
However, the IAM permissions are correct. To prove it, I directly SSH onto that instance and run the exact same ssm command, and it works. I verify it's using the instance role by running aws sts get-caller-identity and it returns arn:aws:sts::1234567890:assumed-role/jenkins-live/i-1234567890abc which is the same user mentioned in the error message.
So indeed, this assumed role can run the command.
I even modified the jenkins job to run aws sts get-caller-identity first, and it outputs the same user json.
Does jenkins do some caching that I am unaware of? Why would I get that AccessDeniedException if that jenkins-live user can run the command otherwise?
First, install the AWS Credentials and AWS Steps plugins and register your AWS key and secret access key in Jenkins credential store. Then, the next steps depends if you're using a freestyle or a declarative/scripted pipeline.
If you're using a freestyle pipeline: On "Build Environment", click on "Use secret text(s) or file(s)" and follow the next steps. After that, you're gonna have your credentials as variables in your pipeline;
If you're using a declarative/scripted pipeline: Enclose your aws calls with a withAWS block, something like this:
withAWS(region: 'us-east-1', credentials: 'my-pretty-credentials') {
// let's explode something
}
Best regards.
I have a TFS build that uses a service connection to Jenkins, which contains the username and password (that connection appears to be working when I test it from TFS).
The build itself uses a "Jenkins Queue Job" task, where I provide the job name and any parameters that it might need.
This was working fine up until recently, when Jenkins is now returning :
Error 403 No valid crumb was included in the request</title>\n</head>\n<body><h2>HTTP ERROR 403 No valid crumb was included in the request
It looks like the connection is working, and I cannot see any way that I can provide that crumb?
We had similar issue after upgrade from 2.94 to 2.201.
From https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained:
If you authenticate your API calls with a username and a user API
token then a crumb is not required from Jenkins 2.96
Our solution was:
1. Jenkins admin had to generate API token for the user in TFS;
2. Then someone with enough permissions for TFS services endpoints had to replace this user password with the API token (figure 9 here).
Your issue may be caused by CSRF protection in Jenkins Server. You may try the solution in case Jenkins 2.192: HTTP Error 403: No valid crumb was included in the request:
Install the Strict Crumb Issuer plugin (https://plugins.jenkins.io/strict-crumb-issuer/)
Enable this plugin and uncheck 'Check the session ID' from its configuration (Under Jenkins Configure Global Security)
I have been trying to do HTTP request in Jenkins Pipeline Job using HTTPRequest plugin
script{def response = httpRequest authentication: 'CredentialsID', url: "https://host/api/project-summary/kj/?kj=123"}
I have created Credentials with the ID 'CredentialID' in Jenkins.
I am getting the following error when I build the job-
I have already referred to this question on StackOverflow but it didn't help.
Could someone point out the mistake in this or is there some other approach that I can use to make HTTP Request from Jenkins Pipeline Job?
UPDATE: I have also created the Credentials with the ID - 'CredentialsID' in jenkins as shown below:
terraform plan -var-file=uservar.tfvars
[0m[1mRefreshing Terraform state in-memory prior to plan...[0m
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
[0m
[31mError refreshing state: 1 error(s) occurred:
* provider.aws: InvalidClientTokenId: The security token included in the request is invalid.
status code: 403, request id: 39888d7e-b3f1-11e7-b6d2-9b6dc0727868[0m[0m
Build step 'Execute shell' marked build as failure
Finished: FAILURE
You need to run terraform init first, then terraform plan
Go through this document first: terraform Command: init
Secondly, for error The security token included in the request is invalid., please go through aws configuration to make sure you have set the AWS security token properly.
I got resolution for this one.
Do you pull your code form Git? If yes, pull only once
Note: Code on Git does not have access_key and secret_key, so if your jenkins job contains source control for every build the values (access_key and secret_key) are overridden.
-> Pull the code only once
-> In your jenkins/workspaces, set your access_key and secret_Key (or you can also mention it in Jenkins Build)
Before executing Jenkins job, Set aws cli parameters
aws configure
Set access_key, secret_key & region
and then execute
terraform init
terraform plan -var-file=uservar.tfvars