Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21882

v1.551 + GitHub OAuth == broken api token access

    XMLWordPrintable

Details

    Description

      I've reproduced this by setting up a fresh Jenkins install.

      Here are my notes from that install:

      On Ubuntu 12.04.4 LTS

      sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
      wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
      sudo apt-get update
      sudo apt-get install jenkins

      Visit http://host:8080/configureSecurity/
      Check "Enable security"
      Under the "Access Control" section choose the option "Jenkins’ own user database" under the "Security Realm" header.
      Choose "Save" at the bottom of the page.

      Visit http://host:8080/signup
      Fill out form matching the username to your github username.

      Return to Visit http://host:8080/configureSecurity/
      Under the "Access Control" section unselect "Allow users to sign up" under "Jenkins’ own user database" which is under the "Security Realm" header.
      Under the "Authorization" heading select the option "Logged-in users can do anything".
      Choose "Save" at the bottom of the page.

      Visit http://host:8080/pluginManager/
      Select all plugins with available updates using the link at the bottom of the page and then "install without restart".
      On the subsequent screen choose "Restart Jenkins when installation is complete and no jobs are running."

      At this point running the following produces no error:

      curl --url http://host:8080/user/mr-c --user mr-c:${api_token}

      Install the Github OAuth Plugin (grabs the GitHub API Plugin)
      Return to Visit http://host:8080/configureSecurity/
      Under the "Access Control" section choose the option "Github Authentication Plugin" under the "Security Realm" header.
      GitHub Web URI: https://github.com
      GitHub API URI: https://api.github.com
      Client ID: <masked for security>
      Client Secret: <masked for security>
      Under the "Authorization" heading select the option "Github Commiter Authorization Strategy".
      Admin User Names: mr-c
      Participant in Organization: ged-lab
      Grant READ permissions to all Authenticated Users: yes
      Grant READ permissions for /github-webhook: yes
      Grant READ permissions for Anonymous Users: yes
      Choose "Save" at the bottom of the page.

      Now the command:

      curl --url http://host:8080/user/mr-c --user mr-c:${api_token}

      produces this output:

      HTTP ERROR 401

      Problem accessing /user/mr-c. Reason:
      Unexpected authentication type: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@23fcf1a8: Username: mr-c; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: <masked for privacy>; SessionId: null; Not granted any authorities

      This became a problem for me while trying to update my OS X slave using rhwood's jenkins-slave-osx script. I've filed a ticket there:
      https://github.com/rhwood/jenkins-slave-osx/issues/33

      Attachments

        Activity

          mcrusoe Michael Crusoe created issue -
          skottler Sam Kottler made changes -
          Field Original Value New Value
          Fix Version/s current [ 10162 ]
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          michaelglass Michael Glass made changes -
          Resolution Fixed [ 1 ]
          Status Resolved [ 5 ] Reopened [ 4 ]
          skottler Sam Kottler made changes -
          Resolution Fixed [ 1 ]
          Status Reopened [ 4 ] Resolved [ 5 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 153883 ] JNJira + In-Review [ 194738 ]

          People

            skottler Sam Kottler
            mcrusoe Michael Crusoe
            Votes:
            7 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: