-
Bug
-
Resolution: Won't Fix
-
Major
-
Jenkins 1.512, RedHat Linux. Also seeing this on 1.480.3 (current LTS release)
I have Global Security configured to use LDAP with "Project-based Matrix Authorization Strategy" enabled. Anonymous user has the "Job > Build" privilege, and no other privileges (in particular, the "anonymous" user does NOT have "Overall > Read" privilege, since I don't want everyone to be able to view the list of jobs and other general information).
I want an automated script to be able to trigger a build using the "Trigger Builds Remotely" feature, where I specify a "?token=[token]" value and the standard authentication should be bypassed, as long as the [token] value matches the one I set in the job's Configure page.
The documentation seems to indicate this should work:
https://wiki.jenkins-ci.org/display/JENKINS/Quick+and+Simple+Security
So specifically, I am expecting this HTTP request to work:
curl -i https://jenkinsHost/job/ProjectName/build?token=test
But I get
[~]$ curl -i https://jenkinsHost/job/ProjectName/build?token=test HTTP/1.1 403 Forbidden Date: Sat, 27 Apr 2013 23:17:03 GMT Server: Winstone Servlet Engine v0.9.10 Content-Type: text/html;charset=UTF-8 Content-Length: 629 X-Powered-By: Servlet/2.5 (Winstone/0.9.10) Set-Cookie: JSESSIONID.e9bc4765=e1f0a30b9f04b3740bae527a7822b2d5; Path=/; HttpOnly Connection: close <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest'/> <script> window.location.replace('/login?from=%2Fjob%2FProjectName%2Fbuild%3Ftoken%3Dtest');</script> </head> <body style='background-color:white; color:white;'> Authentication required </body></html>
When I DO use API authentication, the request works:
curl -i --username "test_user:API_KEY" https://hostname/job/ProjectName/build?token=test
But again, according to the documentation I think it is supposed to bypass the global authentication if ?token is present and matches the project token I configure. Why is this not working? What other information/logs can I provide?