Closed dduportal closed 1 year ago
I have the same issue:
@dduportal: I'm not sure: Should I delete this comment here and create a separate ticket for my issue instead?
same here for olamy
user.
Not sure if we need to create some new issues for that.
All good. Thanks @daniel-beck to fix my issue.
All good. Thanks @daniel-beck to fix my issue.
I would be happy to thank as well, but my issue is still unresolved :-)
@dtbaum Currently looking. You did good to comment here (no problem to have a separated issue if it is ok for you , both are ok 👍 )
@dtbaum your user account tbaum
has been updated: can you retry?
My issue is fixed! Thank you!
Sent an email to Jfrog about this behavioral change, before trying any other action
@smerle33 is there a reason you unpinned this? it's affecting a lot of people so shouldn't it be highlighted?
integer
has issue, could you check?
@smerle33 is there a reason you unpinned this? it's affecting a lot of people so shouldn't it be highlighted?
Stéphane mentioned today that he unpinned an issue by mistake but closed the tab and didn't remember which one it was, thanks for the comment it I've repinned the issue.
integer
has issue, could you check?
@KostyaSha I don't have the necessary permissions on the Artifactory for that but it will be taken care of quickly by someone who does.
@KostyaSha Your account should be fixed.
Update: with the help of JFrog user, we were able to tackle the challenge of the new users.
Since a few days, any new Jenkins LDAP user, when logging in to repo.jenkins-ci.org for the first time, are created with the option "Disable Internal password" to avoid ther problem.
We confirmed that behavior with 2 new users we created in parallel and tested to be sure (cleaned up since through my admin account).
Next step is to batch update all existing users. JFrog support is checking if they have this tooling internally and will come back to us. If they don't, we'll have to write and run a script using the API (https://jfrog.com/help/r/jfrog-rest-apis/update-a-user-partial-update) to to it ourselves.
I have the same issue. Login to https://accounts.jenkins.io/myself/ works but fail to login in repo.jenkins-ci.org and when I run mvn release:perform (HTTP 401)
I'm the maintainer of nodejs, dependency-check and xunit plugins. I get failure on plugin release. Anyone can help?
LDAP username nfalco GitHub username nfalco79 nfalco79(at)hotmail.com
I have the same issue. Login to https://accounts.jenkins.io/myself/ works but fail to login in repo.jenkins-ci.org and when I run mvn release:perform (HTTP 401)
I'm the maintainer of nodejs, dependency-check and xunit plugins. I get failure on plugin release. Anyone can help?
LDAP username nfalco GitHub username nfalco79 nfalco79(at)hotmail.com
Hi @nfalco79 , your account has been updated (and also the account nfalco79
which is using the same email). Can you retry?
(Edit I've seen youe initial message in https://github.com/jenkins-infra/helpdesk/issues/3702 but marked it as off-topic, as well as my answer, as your message here is easier to track and gives more information)
I'm able to login thanks very much!
For info: new problem with Artifactory today when updating "faulty" user profiles: https://github.com/jenkins-infra/helpdesk/issues/3724#issuecomment-1689490695
Gotta check the API
me too
Good news, the APi still works 🎉
Just ran:
curl -X PATCH -v -H "Authorization: Bearer $TOKEN" https://repo.jenkins-ci.org/access/api/v2/users/rsandell -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"internal_password_disabled": true}'
and now @rsandell 's profile looks good. @rsandell can you retry?
I am able to login to the ui, but I still get a 403 error when trying to deploy an artifact
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy (default-deploy) on project active-directory: Failed to deploy artifacts: Could not transfer artifact org.jenkins-ci.plugins:active-directory:hpi:2.32 from/to maven.jenkins-ci.org (https://repo.jenkins-ci.org/releases/): status code: 403, reason phrase: (403)
Hello, we are getting 401 errors releasing the datadog plugin using the datadog
user. Could you update the account? Thanks!
Hello, we are getting 401 errors releasing the datadog plugin using the
datadog
user. Could you update the account? Thanks!
Hello @sarah-witt thanks for raising the concern. The datadog
account in Artifactory has been updated and you should be able to log-in with the Jenkins password (and proceed with the plugin release).
I am able to login to the ui, but I still get a 403 error when trying to deploy an artifact
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:3.1.1:deploy (default-deploy) on project active-directory: Failed to deploy artifacts: Could not transfer artifact org.jenkins-ci.plugins:active-directory:hpi:2.32 from/to maven.jenkins-ci.org (https://repo.jenkins-ci.org/releases/): status code: 403, reason phrase: (403)
Thanks @rsandell . The change HTTP/401 -> HTTP/403 shows that the applied change works as expected. The new problem is related to permissions. Ping @daniel-beck were you able to find the cause for this case (or was it a partial release) with @rsandell ?
The 403 is what motivated me asking about better logs elsewhere 😉 Increasing the version number and retrying worked for @rsandell.
Thanks @dduportal, we were able to release!
Hi @dduportal, I also have login issues (vlatombe
) on Artifactory (but not on accounts or jira). Can you fix my account?
@Vlatombe done (you're lucky I am working with the batch update of all users and just see your message ;) )
Thanks @dduportal !
Update: working on the batch updated. A few numbers with my current script:
internal_password_disabled
not set to true
=> I expect to be running the new batch later today. It should take 1 hour:
Update: Currently running the following API call on each LDAP enabled user:
curl --fail --location --silent --show-error --header "Authorization: Bearer <super secret token not stored in clear and valid only 1 day>" \
--header 'Content-Type: application/json' --header 'Accept: application/json' --data '{"internal_password_disabled": true}' \
--request PATCH \
"https://repo.jenkins-ci.org/access/api/v2/users/${ldap_user}"
Result in ~1 hour
Update: all users have been updated to a proper configuration with succes. Running one last check to ensure there are no edge cases.
Last check:
$ bash ./check-artifactory-users.sh
Total # of users: 2724
Total # of LDAP enabled users: 2704
Total # of misconfigured users: 0
=> We can close the issue! Feel free to reopen if you still see HTTP/401 errors
Service(s)
Artifactory
Summary
We recently (past 2 weeks) had a lot of contribuotr users failing to release their plugin due to an authentication problem in Artifactory (repo.jenkins-ci.org): HTTP/401 answered.
settings.xml
).The solution is to update user configuration in Artifactory itself (a "proxy" user is created inside Artifactory database when a LDAP account logs in the first time) by setting the boolean attribute "Disable Internal Password" to true to force Artifactory considering only the LDAP system for password instead of checking the "proxy" user local password (??) as described by https://github.com/jenkins-infra/helpdesk/issues/3680#issuecomment-1651716208.
The following cases where treated with this problem:
This issue is to track the actions required to fix all users:
true
to all usersReproduction steps
No response