Closed amaccormack-lumira closed 2 months ago
Hi If curl has same error it looks like an Jenkins issue Can you please create a new API token and test again please? During last week's I saw multiple messages that user have issue with old API token
can you also test it with
curl-v -u user:token https://ci.domain.com/api/json
And if possible and public avaialbe you can send me the server and credentials to test. (can also offer proivate channel like Gitter/Matrix)
Thanks for the superfast response!
Got 500 from /api/json too
I don't have log access on the server so I've asked our support guy to have a look if we can find the error Jenkins version is 2.346.3 if that makes any difference
Jenkins version looks fine I also use against multiple versions. One with lots and one with latest It works normally fine but could be some restrictions in infrastructure
If curl also not work correctly it seem something on network or server
Your curl response not say any more Infos?
Looks like it may be an ActiveDirectory problem, this was in the Jenkins log:
Weird, because I can log in on the GUI fine
May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.386+0000 [id=12049256] INFO c.a.c.util.logging.ClientLogger#performDeferredLogging: Azure Identity => getToken() result for scopes [https://graph.microsoft.com/.default]: SUCCESS May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.448+0000 [id=12081601] SEVERE c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 408Graph service exception May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.448+0000 [id=12081601] SEVERE c.m.graph.logger.DefaultLogger#logError: Throwable detail: com.microsoft.graph.http.GraphServiceException: Error code: Request_ResourceNotFound May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: Error message: Resource 'andrew@domain.com' does not exist or one of its queried reference-property objects are not present. May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: GET https://graph.microsoft.com/v1.0/users/andrew@domain.com May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: SdkVersion : graph-java/v5.31.0 May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 404 : May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: [...] May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: [Some information was truncated for brevity, enable debug logging for more details] May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.448+0000 [id=12081601] WARNING j.s.BasicHeaderApiTokenAuthenticator#authenticate2: API token matched for user andrew@domain.com but the impersonation failed May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: org.springframework.security.core.userdetails.UsernameNotFoundException: Cannot find user: andrew@domain.com
GUI works because it uses your real credentials to authenticate against the AD
Normally the API token for Our account should be used as additional auth against Jenkins But maybe there is something wrong
I can try to reproduce it to help but I need to setup a simple ad for test Do you use a self hosted ad or a cloud based?
From logs I assume it's a cloud version
What I see in error is that the API token is valid but then no user found. Is the mail andrew@ in Jenkins users to find?
Looks a bit like following Have you tried this? https://github.com/jenkinsci/azure-ad-plugin/issues/171
And https://github.com/jenkinsci/azure-ad-plugin/issues/246
Do you use the azure plugin? Are your rights coming from group or directly for user?
Thanks, I'll put these questions to the admins and try and get back
Ok I also try to reproduce it the days
Yeah, looks like there's a PR on the Azure AD plugin that went in a while back, but we can't pick it up for a while as it cascades into a full Jenkins upgrade. which will go on the backlog..
Happy to close as Jenkins/AzureAD plugin issue, not the jenkins control plugin. Thx for all the help.
Ok Thanks for feedback. Can you tell the pr so that I have it if it happens again for others
It was mentioned in one of the issues you linked: https://github.com/jenkinsci/azure-ad-plugin/pull/165
Thanks This pr is 3 y old So you longer not updated?
If this not help, feel free to reopen it for further assistance
Seem to get a 500 error when trying to connect to Jenkins, but other API tools are working and the authentication seems to be OK (API token screen shows it was used today). Access via Jenkins web interface is all fine.
Tried the curl-v -u user:token https://ci.domain.com/user/login/api/json and get the same 500 error