Jenkins login using GitHub Authentication failed being administrator

security github jenkins oauth

I was setting up authentication mechanism for our organization jenkins, which had no security mechanism, "ananoumos" can do anything, delete jobs,build etc. I did

  1. Install github-oauth jenkins plugin

  2. In my https://github..com/ a. OAuthApplication --> created new Application b. provided all details, main thing was the authorization callback --> http://myserver.example.com:8080/securityRealm/finishLogin myserver.example.com = my jenkin server

  3. Ok

  4. It created , "ClientId" and "Client secrete" --> Noted down

  5. Go to Jenkins and configure "Global security: like mentioned here

When I clicked "Save" in Jenkin security configuration, It trowed big scary error

STDERR: hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission at hudson.security.ACL.checkPermission(ACL.java:57)

and then when I clicked jekins home page, it tried to redirect me to my org github but failed with "404"

Way out in "Answer" section


Inspired by Jenkins: Accessed denied after turning on global security. How to revert?:

Since in above issue, they haven't used Github Auth plugin, my Jenkins config.xml had other tags, this is what I did:

  1. in my Jenkins server, JENKIN_HOME/config.xml

  2. First under <authorizationStrategy>, set true for below

    authenticatedUserReadPermission
useRepositoryPermissions
authenticatedUserCreateJobPermission      
allowAnonymousReadPermission 
allowAnonymousJobStatusPermission

  3. Then I was at least able to view Jenkins jobs as "Anonymous" user

  4. Then I created a new Auth in my organization's GitHub --> My profile --> setting --> "OAuth Application" --> Developers Application and provided similar input, mainly Authorization callback URL: http://myjenkinsserver:8080/securityRealm/finishLogin

  5. Generated new Client Id and Secrete

  6. Modified jekins config.xml
  7. restarted jenkins

  8. tried to login Jenkins, this time it redirected to my org GitHub and asks that Jenkins wants to Authentical, I "Granted" but got new error

    org.kohsuke.github.HttpException: Server returned HTTP response code: -1, message: 'null' for URL: https://ghe.acme.com/api/v3/user

  9. Found that this API is not correct,

  10. Modified jenkins config.xml 

    <githubApiUri>https://github.<myorg>.com/api/v3</githubApiUri>

and this time it worked :)

Related

Permission denied when creating database in Sql Server 2008 express
Credentials caching in OpenLDAP proxy
Dealing with moved documents and sites in Sharepoint
Bandwidth sharing via police exceed-action drop on Cisco Catalyst 3550s: anything less draconian?
How to make sure that in case of our mail server being unreachable (connection down) mail still gets queued and resent once it's back up?
SPF Records - mechanism not recognized by this client. unknown mechanisms:
Applying Transport Rule only if the mail is text/plain and another if it is text/html
Is possible to monitor instant CPU usage in windows7 over SNMP? [closed]
What does <domain name>\<computer name>$ mean?
Cannot communicate between two VM on the same physical machine using NAT IP Addressing
Nginx: bug using if in location, how do I rectify
Check version using Chef