Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60918

OIC user not able to make API calls

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I am using Jenkins Login with Openid Connect (Amazon Cognito). I am able to use group-based authorization. I can see my groups in Granted Authorities: authenticated,<cognito group>

      But when I try making API call, it gives me a "403" error saying "Missing overall read permissions". 

      I am using API token created using <Jenkins url>/configure/me

      It is only allowing in case I give "Read" access to the anonymous group in Jenkins, which I couldn't give in my production environment.

      Issue::

      Jenkins is not able to read neither SSO users authorized in groups nor in the authenticated group.

       

        Attachments

          Activity

          Hide
          brendanh Brendan Holmes added a comment - - edited

          Not adding much value other than to say we have this problem too. Users are in a group with the correct permissions to make API calls, yet get this "Missing <permission>" error. The permission mentioned has been granted to the group. If we grant the user to the same role (using Folder Authorization Strategy), API access works fine.

          The user's https://<jenkins_url>/WhoAmI page displays all their groups fine.

          Show
          brendanh Brendan Holmes added a comment - - edited Not adding much value other than to say we have this problem too. Users are in a group with the correct permissions to make API calls, yet get this "Missing <permission>" error. The permission mentioned has been granted to the group. If we grant the user to the same role (using Folder Authorization Strategy), API access works fine. The user's https://<jenkins_url>/WhoAmI page displays all their groups fine.

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            isha2504 Isha Garg
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated: