I was setting up an authentication mechanism for our organization's Jenkins, which had no security mechanism: "anonymous" can do anything, delete jobs, build, etc.
I did:
- Installed the github-oauth Jenkins plugin
- In my https://github..com/
  a. OAuthApplication –> created new Application
  b. Provided all details; the main thing was the authorization callback –> http://myserver.example.com:8080/securityRealm/finishLogin (myserver.example.com = my Jenkins server)
  Ok
- It created "ClientId" and "Client secret" –> noted down
- Go to Jenkins and configure "Global security" like mentioned here
When I clicked "Save" in the Jenkins security configuration, it threw a big scary error:
STDERR: hudson.security.AccessDeniedException2: anonymous is missing the Overall/Administer permission
at hudson.security.ACL.checkPermission(ACL.java:57)
and then when I clicked the Jenkins home page, it tried to redirect me to my org GitHub but failed with "404"
Way out in "Answer" section
Best Answer
Inspired by Jenkins: Accessed denied after turning on global security. How to revert?:
Since in the above issue they haven't used the GitHub Auth plugin, my Jenkins config.xml had other tags. This is what I did:
JENKINS_HOME/config.xml
First, under <authorizationStrategy>, set true for below
Then I was at least able to view Jenkins jobs as "Anonymous" user
Then I created a new Auth in my organization's GitHub --> My profile --> setting --> "OAuth Application" --> Developers Application and provided similar input, mainly Authorization callback URL:
http://myjenkinsserver:8080/securityRealm/finishLogin
Generated new Client Id and Secret.
Tried to log in to Jenkins; this time it redirected to my org GitHub and asked that Jenkins wants to authenticate. I "Granted" but got a new error
Found that this API is not correct,
Modified Jenkins config.xml and this time it worked :)
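A read-only check of config.xml for the states this thread passes through (security off, anonymous access switched on, a GitHub API URI whose host does not match the web URI), added here as an example and not taken from the post or from the plugin. The element and class names are assumptions about how Jenkins and the github-oauth plugin serialize their settings, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed class name of the "anyone can do anything" strategy.
UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"

# Constructed samples; element names are assumptions, hosts are placeholders.
SAMPLE_OPEN = "<hudson><useSecurity>false</useSecurity></hudson>"
SAMPLE_GITHUB = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="org.jenkinsci.plugins.GithubAuthorizationStrategy">
    <rootACL><allowAnonymousReadPermission>true</allowAnonymousReadPermission></rootACL>
  </authorizationStrategy>
  <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
    <githubWebUri>https://github.example.com</githubWebUri>
    <githubApiUri>https://api.github.com</githubApiUri>
  </securityRealm>
</hudson>"""

def audit_config(xml_text):
    """Return a list of findings for a Jenkins config.xml given as text."""
    root = ET.fromstring(xml_text)
    findings = []
    authz = root.find("authorizationStrategy")
    if (root.findtext("useSecurity") or "").strip() != "true":
        findings.append("security-disabled")
    elif authz is None or authz.get("class", "") == UNSECURED:
        findings.append("anyone-can-do-anything")
    if authz is not None:
        # Any nested flag that grants access to users who are not logged in.
        for el in authz.iter():
            if el.tag.startswith("allowAnonymous") and (el.text or "").strip() == "true":
                findings.append("anonymous:" + el.tag)
        if (authz.findtext("denyAnonymousReadAccess") or "").strip() == "false":
            findings.append("anonymous:read")
    realm = root.find("securityRealm")
    if realm is not None and "Github" in realm.get("class", ""):
        web = urlparse((realm.findtext("githubWebUri") or "").strip())
        api = urlparse((realm.findtext("githubApiUri") or "").strip())
        for name, uri in (("githubWebUri", web), ("githubApiUri", api)):
            if uri.scheme != "https":
                findings.append("not-https:" + name)
        # github.com pairs with api.github.com; a self-hosted server uses one host.
        expected = "api.github.com" if web.hostname == "github.com" else web.hostname
        if api.hostname != expected:
            findings.append("api-host-mismatch")
    return findings

if __name__ == "__main__":
    print(audit_config(SAMPLE_OPEN), audit_config(SAMPLE_GITHUB))
```

Run it against a copy of config.xml after each change; an empty list means none of these three conditions is present.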