Details
Type: Bug
Status: Open
Priority: Blocker
Resolution: Unresolved
Component/s: oic-auth-plugin
Environment: Jenkins version: 2.164.3
OIC : 1.7
Matrix Authorization Strategy Plugin : 2.5
Description
I am using Jenkins Login with OpenID Connect (Amazon Cognito). I am able to use group-based authorization. I can see my groups in Granted Authorities: authenticated,<cognito group>
But when I try making an API call, it gives me a "403" error saying "Missing overall read permissions".
I am using an API token created using <Jenkins url>/configure/me
It only allows the call if I give "Read" access to the anonymous group in Jenkins, which I couldn't give in my production environment.
Issue:
Jenkins is able to read neither SSO users authorized in groups nor those in the authenticated group.