Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60942

swarm plugin requires anonymous/overall/read if not started with user/password

    Details

    • Similar Issues:

      Description

      Hi,

      I'm a heavy user of the Jenkins swarm plugin.

      we are using the plugin to enable users to connect their own machines to the server upon request, perform a check, and then disconnect it.

      since we don't require username/password to connect the machines, we had to enable the "anonymous/overall/read" in the global security security (we are using project based matrix authorization).

      what I recently discovered is that the jenkins server is not redirecting non-logged in users to the login page if they are trying to access the server using a link sent to them from a failed job execution. they get a 404 error instead.

      removing the anonymous/overall/read from global security - fixed that problem.

      however, now users are unable to connect their machines to the server unless they provide username and password.

      is there a way to make the swarm plugin NOT use the anonymous/overall/read from global security? maybe there is another way to make this combination work?

      this is a really weird behavior....

      I can provide additional info upon request.

        Attachments

          Activity

          Hide
          basil Basil Crow added a comment -

          Hey Amit Dar, sorry for the late response. Are you saying that you are using Project-based Matrix Authorization granting anonymous users Agent/Create and Agent/Connect but not Overall/Read, and starting Swarm without a -username argument? This is unsupported. The recommended Project-based Matrix Authorization configuration for Swarm is to have a user with a Jenkins API token (or, less desirable, a password) with the Agent/Create and Agent/Connect permissions. In addition, either this dedicated user or the "Anonymous Users" or "Authenticated Users" groups must have the Overall/Read permission.

          Show
          basil Basil Crow added a comment - Hey Amit Dar , sorry for the late response. Are you saying that you are using Project-based Matrix Authorization granting anonymous users Agent/Create and Agent/Connect but not Overall/Read, and starting Swarm without a -username argument? This is unsupported. The recommended Project-based Matrix Authorization configuration for Swarm is to have a user with a Jenkins API token (or, less desirable, a password) with the Agent/Create and Agent/Connect permissions. In addition, either this dedicated user or the "Anonymous Users" or "Authenticated Users" groups must have the Overall/Read permission.
          Show
          basil Basil Crow added a comment - FYI I have documented the recommended configuration for Project-based Matrix Authorization Strategy .

            People

            • Assignee:
              Unassigned
              Reporter:
              amidar Amit Dar
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: