[JENKINS-29515] Github oauth breaks "Trigger builds remotely"

Type: Bug
Resolution: Duplicate
Priority: Major
Component/s: build-token-root-plugin, github-oauth-plugin
Labels:
None

Similar Issues:
Powered by SuggestiMate

Show

The github-oauth-plugin does not allow one to trigger builds remotely with or without a token passed along. It instead takes the person to the Github auth page. I did install the most recent release, 0.21.2, and tried out the new "Grant ViewStatus permissions for Anonymous Users" option but no success.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

screenshot-1.png
44 kB
2015-07-20 19:37

duplicates

JENKINS-25791 User.impersonate throws ClassCastException when using GitHub auth

Resolved

is related to

JENKINS-25791 User.impersonate throws ClassCastException when using GitHub auth

Resolved

Elijah Lynn created issue - 2015-07-20 15:54

Sam Gleske added a comment - 2015-07-20 19:29 - edited

What token are you using? A Jenkins generated token or a GitHub personal access token?

ViewedStatus option only takes effect if you have the Embeddable Build Status Plugin installed. It has nothing to do with triggering builds.

Sam Gleske added a comment - 2015-07-20 19:29 - edited What token are you using? A Jenkins generated token or a GitHub personal access token? ViewedStatus option only takes effect if you have the Embeddable Build Status Plugin installed. It has nothing to do with triggering builds.

Elijah Lynn made changes - 2015-07-20 19:37

Attachment

New: screenshot-1.png [ 30193 ]

Elijah Lynn added a comment - 2015-07-20 19:37

So, in the job configuration there is a place to enter a token. I just use that token. Here is a screenshot.

Elijah Lynn added a comment - 2015-07-20 19:37 So, in the job configuration there is a place to enter a token. I just use that token. Here is a screenshot.

Sam Gleske made changes - 2015-07-21 00:00

Component/s

New: build-token-root-plugin [ 17622 ]

Sam Gleske added a comment - 2015-07-21 00:03

This is by design in Jenkins. You would need something like the Build Authorization Token Root Plugin. I tried with the build token root plugin and still got errors.

<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2FbuildByToken%2Fbuild%3Fjob%3Dtest'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2FbuildByToken%2Fbuild%3Fjob%3Dtest');</script></head><body style='background-color:white; color:white;'>


Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
  
Permission you need to have (but didn't): hudson.model.Item.Build
 ... which is implied by: hudson.security.Permission.GenericUpdate
 ... which is implied by: hudson.security.Permission.GenericWrite
 ... which is implied by: hudson.model.Hudson.Administer
-->

</body></html>

It doesn't appear to bypass the security realm. Any thoughts jglick?

Sam Gleske added a comment - 2015-07-21 00:03 This is by design in Jenkins. You would need something like the Build Authorization Token Root Plugin . I tried with the build token root plugin and still got errors. <html><head><meta http-equiv= 'refresh' content= '1;url=/securityRealm/commenceLogin?from=%2FbuildByToken%2Fbuild%3Fjob%3Dtest' /><script>window.location.replace( '/securityRealm/commenceLogin?from=%2FbuildByToken%2Fbuild%3Fjob%3Dtest' );</script></head><body style= 'background-color:white; color:white;' > Authentication required  </body></html> It doesn't appear to bypass the security realm. Any thoughts jglick ?

Sam Gleske added a comment - 2015-07-21 00:10 - edited

elijah_lynn did this used to work for you in prior versions? If so, I have a feeling it's related to Pull Request #37. michaelneale, your thoughts on this? I doubt this ever worked but am hoping michaelneale can give some insight.

Sam Gleske added a comment - 2015-07-21 00:10 - edited elijah_lynn did this used to work for you in prior versions? If so, I have a feeling it's related to Pull Request #37 . michaelneale , your thoughts on this? I doubt this ever worked but am hoping michaelneale can give some insight.

Sam Gleske added a comment - 2015-07-21 00:21 - edited

The build token root issue seems to stem from the inability to impersonate users. The build-token-root-plugin runs a SecurityContext ACL.impersonate. Perhaps related to ~~JENKINS-25791~~.

Sam Gleske added a comment - 2015-07-21 00:21 - edited The build token root issue seems to stem from the inability to impersonate users. The build-token-root-plugin runs a SecurityContext ACL.impersonate . Perhaps related to JENKINS-25791 .

Sam Gleske made changes - 2015-07-21 00:22

Link

New: This issue is related to ~~JENKINS-25791~~ [ ~~JENKINS-25791~~ ]

Michael Neale added a comment - 2015-07-21 08:12 - edited

Yes I was going to suggest that the token root plugin would solve this - but it appears Sam has already tried it. I know build root token plugin has worked for other identity providers.

Based on: https://issues.jenkins-ci.org/browse/JENKINS-25791 - it looks like it is not related to PR#37 - but do you want to try an older version to check? It can't hurt. Maybe some special case code is needed for this.

I don't think people come across this a lot as they tend to either a) use a github oauth token to interact with jenkins or b) use github to trigger builds directly.

If we can confirm it isn't a recent breakage perhaps should close this as a dupe of #25791 and move discussion over to there?

Michael Neale added a comment - 2015-07-21 08:12 - edited Yes I was going to suggest that the token root plugin would solve this - but it appears Sam has already tried it. I know build root token plugin has worked for other identity providers. Based on: https://issues.jenkins-ci.org/browse/JENKINS-25791 - it looks like it is not related to PR#37 - but do you want to try an older version to check? It can't hurt. Maybe some special case code is needed for this. I don't think people come across this a lot as they tend to either a) use a github oauth token to interact with jenkins or b) use github to trigger builds directly. If we can confirm it isn't a recent breakage perhaps should close this as a dupe of #25791 and move discussion over to there?

Assignee:: Sam Gleske

Reporter:: Elijah Lynn

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2015-07-20 15:54

Updated:: 2015-10-19 10:55

Resolved:: 2015-07-22 06:09

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

Collapse comment: Sam Gleske added a comment - 2015-07-20 19:29, Edited by Sam Gleske - 2015-07-20 19:34

Expand comment: Sam Gleske added a comment - 2015-07-20 19:29, Edited by Sam Gleske - 2015-07-20 19:34

Collapse comment: Elijah Lynn added a comment - 2015-07-20 19:37

Expand comment: Elijah Lynn added a comment - 2015-07-20 19:37

Collapse comment: Sam Gleske added a comment - 2015-07-21 00:03

Expand comment: Sam Gleske added a comment - 2015-07-21 00:03

Collapse comment: Sam Gleske added a comment - 2015-07-21 00:10, Edited by Sam Gleske - 2015-07-21 00:11

Expand comment: Sam Gleske added a comment - 2015-07-21 00:10, Edited by Sam Gleske - 2015-07-21 00:11

Collapse comment: Sam Gleske added a comment - 2015-07-21 00:21, Edited by Sam Gleske - 2015-07-21 00:22

Expand comment: Sam Gleske added a comment - 2015-07-21 00:21, Edited by Sam Gleske - 2015-07-21 00:22

Collapse comment: Michael Neale added a comment - 2015-07-21 08:12, Edited by Michael Neale - 2015-07-21 08:13

Expand comment: Michael Neale added a comment - 2015-07-21 08:12, Edited by Michael Neale - 2015-07-21 08:13

People

Dates