Details
-
Type:
Bug
-
Status: Open (View Workflow)
-
Priority:
Blocker
-
Resolution: Unresolved
-
Component/s: oic-auth-plugin
-
Labels:
-
Environment:Jenkins version: 2.164.3
OIC : 1.7
Matrix Authorization Strategy Plugin : 2.5
-
Similar Issues:
Description
I am using Jenkins Login with Openid Connect (Amazon Cognito). I am able to use group-based authorization. I can see my groups in Granted Authorities: authenticated,<cognito group>
But when I try making API call, it gives me a "403" error saying "Missing overall read permissions".
I am using API token created using <Jenkins url>/configure/me
It is only allowing in case I give "Read" access to the anonymous group in Jenkins, which I couldn't give in my production environment.
Issue::
Jenkins is not able to read neither SSO users authorized in groups nor in the authenticated group.
Not adding much value other than to say we have this problem too. Users are in a group with the correct permissions to make API calls, yet get this "Missing <permission>" error. The permission mentioned has been granted to the group. If we grant the user to the same role (using Folder Authorization Strategy), API access works fine.
The user's https://<jenkins_url>/WhoAmI page displays all their groups fine.