It's all about the answers!

Ask a question

Jenkins Authentication Change?


Dan Zentgraf (2178) | asked Nov 06 '14, 11:32 a.m.
We recently had a couple of team upgrade their Jenkins servers to the 1.580.1 LTS version (pushed 10/29 by the Jenkins people). Since they have upgraded, we have had strange behavior authenticating RTC and those machines. The setup has been working for some time using the prior Jenkins LTS version (1.565.x).

The behavior change is in the Authentication piece of the Build Engine definition in RTC.
If we check the "Authentication Required" box, Jenkins will return a 401 error even though the credentials work fine if you log into the Jenkins server directly.
Further, if we UN-check the box, the builds will run fine AND show that the credentials previously entered in the Build Engine definition (i.e. when the "Authentication Required" box was checked) were used to request the build in Jenkins.

We have tested it by:
  1. changing the credentials in the Build Engine
  2. trying a build with the 'Authentication Required' box checked (consistently getting an auth failure 401 error)
  3. unchecking the box
  4. re-requesting the same build (consistently getting successful build start in Jenkins)
The behavior is consistent in multiple project areas.
Our main RTC server is 4.0.7, but we were able to reproduce the behavior using our CLM5.0.1 test server.
Both Jenkins servers are on RedHat Linux and use our LDAP for authentication.

There appear to have been a number of security enhancements in Jenkins quite recently, so we are wondering if there is a lag in compatibility on the RTC side?

We have a workaround - albeit a pretty weak one - for now.
Has anyone else seen this?
Are there any hotfixes we need?

2 answers



permanent link
Dan Zentgraf (2178) | answered Nov 06 '14, 12:29 p.m.
 Hi Nick-

Thanks for the pointer to that Defect. That is exactly the error message set we are getting.

The Jenkins security is set up differently between the two servers, but neither allows anonymous access.
  • Server 1 uses LDAP for authentication, however, the authorization is set to 'logged in users can do anything'.
  • Server 2 uses LDAP for authentication, BUT it also uses the matrix security settings (also derived from LDAP) for authorization.
Neither uses SSL (ie HTTPS).

-Dan


permanent link
Nick Edgar (6.5k711) | answered Nov 06 '14, 11:46 a.m.
JAZZ DEVELOPER
Hi Dan, what are the security settings on the Jenkins side? Do they allow anonymous users to make changes / trigger builds? The latest Jenkins builds have some known issues with LDAP, which we're tracking in RTC Hudson/Jenkins server-side integration doesn't work with Jenkins Version higher then 1.575 (329186)

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.