Open sanith01988 opened 1 month ago
I think you need Graph API permission for the API to work.
@timja Do I need to set graph api permission to the app registration which is using in security relam of Jenkins.
This is used for:
- Jenkins looking up the user, e.g. when you use the Rest API
@timja
I've enabled the entra id permission. Still I'm getting 403 error. `403
Authentication required ` In jenkins log I couldn't see any errors related to it.can you talk me through step by step what you've got setup?
@timja
jenkins:
securityRealm:
azureSecurityRealm:
clientId: ''
clientSecret: ''
tenant: ''
cacheduration: 0
fromrequest: true
authorizationStrategy:
projectMatrix:
entries:
- group:
name: <object-id>
permissions:
- Overall/Administer
- user:
name: <object-id>
permissions:
- Overall/Administer
api_response = requests.get(url, headers=headers, verify=False)
The Jenkins API uses a Jenkins API token and not a Microsoft access token.
Go to the Users profile in Jenkins and generate an API token
Jenkins and plugins versions report
Environment
```text Paste the output here ```What Operating System are you using (both controller, and any agents involved in the problem)?
docker jenkins
Reproduction steps
We're using azure ad app as security relam for our jenkins.Using the azure ad plugin through browser we're able to access the jenkins without any issue(We're not using graph api permission, instead our azure ad app assigned group configured via matrix authorization strategy). Now we need to call the jenkins api,for this we're having a technical account in entra and we're able to create access token for this user.But when we're using this access token for the jenkins api request we're getting 'Error accessing the API: 403 Client Error: Forbidden'.
Expected Results
Jenkins api access with azure ad access token
Actual Results
Error accessing the API: 403 Client Error: Forbidden
Anything else?
No response
Are you interested in contributing a fix?
No response