1

I was setting up authentication mechanism for our organization jenkins, which had no security mechanism, "ananoumos" can do anything, delete jobs,build etc. I did

  1. Install github-oauth jenkins plugin

  2. In my https://github..com/ a. OAuthApplication --> created new Application b. provided all details, main thing was the authorization callback --> http://myserver.example.com:8080/securityRealm/finishLogin myserver.example.com = my jenkin server

  3. Ok

  4. It created , "ClientId" and "Client secrete" --> Noted down

  5. Go to Jenkins and configure "Global security: like mentioned here

When I clicked "Save" in Jenkin security configuration, It trowed big scary error

STDERR: hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission at hudson.security.ACL.checkPermission(ACL.java:57)

and then when I clicked jekins home page, it tried to redirect me to my org github but failed with "404"

Way out in "Answer" section

sandejai
  • 131
  • 1
  • 6

1 Answers1

1

Inspired by Jenkins: Accessed denied after turning on global security. How to revert?:

Since in above issue, they haven't used Github Auth plugin, my Jenkins config.xml had other tags, this is what I did:

  1. in my Jenkins server, JENKIN_HOME/config.xml

  2. First under <authorizationStrategy>, set true for below

    authenticatedUserReadPermission
useRepositoryPermissions
authenticatedUserCreateJobPermission      
allowAnonymousReadPermission 
allowAnonymousJobStatusPermission

  3. Then I was at least able to view Jenkins jobs as "Anonymous" user

  4. Then I created a new Auth in my organization's GitHub --> My profile --> setting --> "OAuth Application" --> Developers Application and provided similar input, mainly Authorization callback URL: http://myjenkinsserver:8080/securityRealm/finishLogin

  5. Generated new Client Id and Secrete

  6. Modified jekins config.xml
  7. restarted jenkins

  8. tried to login Jenkins, this time it redirected to my org GitHub and asks that Jenkins wants to Authentical, I "Granted" but got new error

    org.kohsuke.github.HttpException: Server returned HTTP response code: -1, message: 'null' for URL: https://ghe.acme.com/api/v3/user

  9. Found that this API is not correct,

  10. Modified jenkins config.xml 

    <githubApiUri>https://github.<myorg>.com/api/v3</githubApiUri>

and this time it worked :)

b0fh
  • 3,313
  • 1
  • 20
  • 32
sandejai
  • 131
  • 1
  • 6