API token failure authentication using some jenkins ruby library about jenkins-cas-plugin HOT 4 CLOSED

Hello,

Could you please let me know which version of Jenkins you are using, and how permissions of the user you are using are granted? (e.g. explicitly or via group/role membership)

Thanks,
Fabien.

from jenkins-cas-plugin.

Hi,

we use the latest stable version of jenkins (jenkins-1.591-1.1.noarch) on a CentOS 6.5. We tested the persmissions giving through the matrix based on both group and role, by enabling all the permissions..

Thanks in advance,

Jan.

from jenkins-cas-plugin.

With the latest Jenkins I was able to authenticate with an API key from a command line while CAS was enabled, so the problem is more likely to be with authorization rather than authentication.

Here are a few things to try:

• With a browser, login to Jenkins with the test user (via CAS) and check that user has the appropriate permissions.
• With a browser, go to the http://<server>:<port>/whoAmI/api/xml page and copy/paste the results here.
• With a terminal, execute the following command and copy/paste the results here:
  wget -nv -S -O - --auth-no-challenge --http-user=<username>--http-password=<API key> http://<server>:<port>/whoAmI/api/xml

Those two XML results may show differences between "granted authorities" given by a web login and an API key login.

One possibility, if you are only granting permissions based on groups, is that these groups were not stored by Jenkins and cannot be queried with API key authentication. As for Jenkins 1.556 and JENKINS-20064, groups are supposed to be stored after a successful web-based login.

Let me know what you find :-)
Fabien.

from jenkins-cas-plugin.

It's solved, I created a specific script user which doesn't exist in CAS. I forgot to add this user in my matrix based security plan.

Once I added this user to the matrix the scripts are working again.

Many thanks to pointing me out the the whoAmI pages!

from jenkins-cas-plugin.