Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-14524

Slave agent authorization 401

XMLWordPrintable

      I can connect my slave agent using the downloaded jnlp file, but Windows service is not working because of authorization.

      My configuration looks like this:

      -Xrs -jar "%BASE%\slave.jar" -auth xxx:xxx -jnlpUrl http://xxx.dyndns.org/computer/windows/slave-agent.jnlp -cp "%BASE%\lib\commons-codec-1.5.jar" -jnlpCredentials xxx:xxx

      And in logs I see:

      Failing to obtain http://homersoft-ci.dyndns.org/computer/windows/slave-agent.jnlp
java.io.IOException: Failed to load http://xxx.dyndns.org/computer/windows/slave-agent.jnlp: 403 Forbidden
	at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:230)
	at hudson.remoting.Launcher.run(Launcher.java:192)
	at hudson.remoting.Launcher.main(Launcher.java:168)

      I'm using the GitHub OAuth plugin.

          [JENKINS-14524] Slave agent authorization 401

          Łukasz Nowak added a comment -

          The problem is with GitHub oauth plugin turned on. When using Jenkins own database it is working.

          Łukasz Nowak added a comment - The problem is with GitHub oauth plugin turned on. When using Jenkins own database it is working.

          Craig Ringer added a comment -

          Yeah, the GitHub plugin needs to allow an exception for the JNLP file, or preferably generate a unique per-worker username/password that it displays in the JNLP launch commands and uses automatically in the service. Not trivial to do, though.

          Craig Ringer added a comment - Yeah, the GitHub plugin needs to allow an exception for the JNLP file, or preferably generate a unique per-worker username/password that it displays in the JNLP launch commands and uses automatically in the service. Not trivial to do, though.

          Craig Ringer added a comment -

          Amended report to tag github-oauth, tweak formatting.

          Craig Ringer added a comment - Amended report to tag github-oauth, tweak formatting.

          Craig Ringer added a comment -

          Related to JENKINS-11149

          Craig Ringer added a comment - Related to JENKINS-11149

          Craig Ringer added a comment -

          As a workaround, you can save slave-agent.jnlp from the worker's page on the Jenkins server to c:\jenkins (or wherever your jenkins root on the slave is), then modify jenkins-slave.xml to point to file:///C:/jenkins/slave-agent.jnlp instead of the Jenkins URL.

          This will prevent the slave from getting automatic updates from Jenkins, so you'll have to replace the jnlp file and restart the slave agent yourself if you upgrade Jenkins.

          Alternately, you can enable anonymous READ for all users.

          Craig Ringer added a comment - As a workaround, you can save slave-agent.jnlp from the worker's page on the Jenkins server to c:\jenkins (or wherever your jenkins root on the slave is), then modify jenkins-slave.xml to point to file:///C:/jenkins/slave-agent.jnlp instead of the Jenkins URL. This will prevent the slave from getting automatic updates from Jenkins, so you'll have to replace the jnlp file and restart the slave agent yourself if you upgrade Jenkins. Alternately, you can enable anonymous READ for all users.

          Jakub Czaplicki added a comment -

          The issue also occurs when Active Directory is used as access control (jenkins ver. 1.554).

          For jenkins ver. 1.590 works OK.

          So somewhere between 1.554 and 1.590 the issue has been fixed for Active Dir.

          Jakub Czaplicki added a comment - The issue also occurs when Active Directory is used as access control (jenkins ver. 1.554). For jenkins ver. 1.590 works OK. So somewhere between 1.554 and 1.590 the issue has been fixed for Active Dir.

          Daniel Beck added a comment -

          Newer versions of Jenkins also use a secret URL parameter for authorization by default. Check the slave's index page to see the value.

          Daniel Beck added a comment - Newer versions of Jenkins also use a secret URL parameter for authorization by default. Check the slave's index page to see the value.

          Sam Gleske added a comment -

          Since the latest LTS release of Jenkins is 1.609.1 and it was reported to work okay in 1.590 I'm closing this as resolved. If you feel it is not resolved then feel free to re-open the issue.

          Sam Gleske added a comment - Since the latest LTS release of Jenkins is 1.609.1 and it was reported to work okay in 1.590 I'm closing this as resolved. If you feel it is not resolved then feel free to re-open the issue.

          fayyaz rehman added a comment -

          i am having the same issue

          Failing to obtain https://ci.corvit.lab/jenkins/computer/slave3/slave-agent.jnlp
          java.io.IOException: Failed to load https://ci.corvit.lab/jenkins/computer/slave3/slave-agent.jnlp: 401 Unauthorized
          at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:275)
          at hudson.remoting.Launcher.run(Launcher.java:219)
          at hudson.remoting.Launcher.main(Launcher.java:192)
          Waiting 10 seconds before retry

          fayyaz rehman added a comment - i am having the same issue Failing to obtain https://ci.corvit.lab/jenkins/computer/slave3/slave-agent.jnlp java.io.IOException: Failed to load https://ci.corvit.lab/jenkins/computer/slave3/slave-agent.jnlp: 401 Unauthorized at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:275) at hudson.remoting.Launcher.run(Launcher.java:219) at hudson.remoting.Launcher.main(Launcher.java:192) Waiting 10 seconds before retry

            kohsuke Kohsuke Kawaguchi
            lnowak Łukasz Nowak
            Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: