jenkinsci / gitlab-plugin

A Jenkins plugin for interfacing with GitLab
https://plugins.jenkins.io/gitlab-plugin/
GNU General Public License v2.0

Authentication in Jenkins does not work #1596

Closed fidelski closed 8 months ago

fidelski commented 8 months ago

Jenkins and plugins versions report

Authentication on Jenkins does not work

```text
Jenkins: 2.426.1
OS: Linux - 6.6.3-arch1-1
Java: 17.0.9 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
analysis-model-api:11.13.0
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
authentication-tokens:1.53.v1c90fd9191a_b_
basic-branch-build-strategies:81.v05e333931c7d
blueocean:1.27.9
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.27.9
blueocean-commons:1.27.9
blueocean-config:1.27.9
blueocean-core-js:1.27.9
blueocean-dashboard:1.27.9
blueocean-display-url:2.4.2
blueocean-events:1.27.9
blueocean-git-pipeline:1.27.9
blueocean-github-pipeline:1.27.9
blueocean-i18n:1.27.9
blueocean-jwt:1.27.9
blueocean-personalization:1.27.9
blueocean-pipeline-api-impl:1.27.9
blueocean-pipeline-editor:1.27.9
blueocean-pipeline-scm-api:1.27.9
blueocean-rest:1.27.9
blueocean-rest-impl:1.27.9
blueocean-web:1.27.9
bootstrap5-api:5.3.2-2
bouncycastle-api:2.29
branch-api:2.1135.v8de8e7899051
build-timeout:1.31
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.2
cloudbees-bitbucket-branch-source:856.v04c46c86f911
cloudbees-folder:6.858.v898218f3609d
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.11.0-94.v3e1f4a_926e49
configuration-as-code:1752.v0ccc3b_6064b_0
configuration-as-code-groovy:1.1
credentials:1309.v8835d63eb_d8a_
credentials-binding:642.v737c34dea_6c2
data-tables-api:1.13.8-1
display-url-api:2.200.vb_9327d658781
docker-commons:439.va_3cb_0a_6a_fb_29
docker-workflow:572.v950f58993843
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.3-1
email-ext:2.102
emailext-template:1.5
embeddable-build-status:412.v09da_db_1dee68
favorite:2.4.3
font-awesome-api:6.5.1-1
forensics-api:2.3.0
generic-webhook-trigger:1.88.2
git:5.2.1
git-client:4.6.0
github:1.37.3.1
github-api:1.318-461.v7a_c09c9fa_d63
github-branch-source:1752.vc201a_0235d80
gitlab-api:5.3.0-91.v1f9a_fda_d654f
gitlab-branch-source:684.vea_fa_7c1e2fe3
gitlab-logo:1.1.2
gitlab-plugin:1.7.16
gradle:2.9
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.32
instance-identity:185.v303dc7c645f9
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.3-372.v309620682326
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.9-1
jdk-tool:73.vddf737284550
jenkins-design-language:1.27.9
jersey2-api:2.41-133.va_03323b_a_1396
jjwt-api:0.11.5-77.v646c772fddb_0
job-dsl:1.87
jquery3-api:3.7.1-1
jsch:0.2.8-65.v052c39de79b_2
junit:1240.vf9529b_881428
ldap:711.vb_d1a_491714dc
lockable-resources:1215.v895f61d7f794
mailer:463.vedf8358e006b_
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.2.1
matrix-project:818.v7eb_e657db_924
mina-sshd-api-common:2.11.0-86.v836f585d47fa_
mina-sshd-api-core:2.11.0-86.v836f585d47fa_
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pam-auth:1.10
pipeline-build-step:516.v8ee60a_81c5b_9
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:689.veec561a_dee13
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2151.ve32c9d209a_3f
pipeline-model-definition:2.2151.ve32c9d209a_3f
pipeline-model-extensions:2.2151.ve32c9d209a_3f
pipeline-rest-api:2.34
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2151.ve32c9d209a_3f
pipeline-stage-view:2.34
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.6.0
prism-api:1.29.0-9
publish-over:0.22
publish-over-cifs:0.16
pubsub-light:1.18
resource-disposer:0.23
scm-api:683.vb_16722fb_b_80b_
script-security:1294.v99333c047434
snakeyaml-api:2.2-111.vc6598e30cc65
sse-gateway:1.26
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.312.v1c601b_c83b_0e
structs:325.vcb_307d2a_2782
subversion:2.17.3
text-finder:1.26
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
variant:60.v7290fc0eb_b_cd
warnings-ng:10.5.2
workflow-aggregator:596.v8c21c963d92d
workflow-api:1283.v99c10937efcb_
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3817.vd20b_7e2b_692b_
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1385.vb_58b_86ea_fff1
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:865.v43e78cc44e0d
ws-cleanup:0.45
```

When I create a new Multibranch Pipeline Project in Jenkins and I set the branch source to GitLab, configure everything and configure the webhook in GitLab with the API Token of the privileged user, I always get the 401 Error.

The only way I can trigger builds on Jenkins is to disable /project endpoint authentication and configure the webhook with the project endpoint (not with /gitlab-webhook/post).

According to the documentation, it should work when using a Personal API Token of a Jenkins user that has build permission. This is not the case, though: even though a valid API token is provided, Jenkins always returns a 401 error with the following text:

Oops!
A problem occurred while processing the request.

What Operating System are you using (both controller, and any agents involved in the problem)?

Linux

Reproduction steps

  1. Create a new Multibranch Pipeline job for a gitlab project
  2. Create an API Key as a Jenkins user with build permission
  3. Create a webhook in GitLab with the corresponding token pointing to /gitlab-webhook/post
  4. See that Jenkins responds with 401

Expected Results

Status code 200 success

Actual Results

Status code 401

Anything else?

No response

Are you interested in contributing a fix?

No response

Nikunj2788 commented 8 months ago

Hi, I can fix this issue. You might be missing the Token authentication. Look into Jenkins logs to gather more information about the authentication failure. Jenkins logs are usually located in the JENKINS_HOME/logs directory. Check for any error messages or stack traces related to the authentication issue. Ensure that the API token you generated for the Jenkins user has the necessary permissions. The token should have at least the "Job > Build" permission. Double-check that there are no typos or issues with the API token. If you can provide me the other resource I can fix this.

fidelski commented 8 months ago

The problem was that I misunderstood - the credentials the plugin uses to authenticate GitLab must not be an API Token of a user but an arbitrary entry in the credentials settings of Jenkins, that the plugin reads and checks against the authentication of GitLab. So I needed to create a new credentials entry in Jenkins and use that for the GitLab authentication and everything works.
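
The mismatch described in the last comment, sketched as an added example (it is not the plugin's code and not part of the original thread): GitLab sends a webhook's secret token in the `X-Gitlab-Token` header, and a receiver that authenticates by shared secret compares that header with a value it stores itself, so a user's API token pasted into the webhook is rejected. The function names, sample values and the status-code mapping are assumptions made for illustration.

```python
import hmac

# Constructed sample values for illustration; not real secrets.
SHARED_SECRET = "example-webhook-secret"            # stored on the receiver as a credentials entry
USER_API_TOKEN = "11aabbccddeeff001122334455667788"  # a user's API token: a different secret


def header(headers, name):
    """Case-insensitive header lookup; returns None when the header is absent."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def handle_webhook(headers, expected_secret):
    """Return (status, reason) for an incoming GitLab webhook request.

    Hypothetical receiver: it authenticates the sender only by comparing
    the X-Gitlab-Token header with the secret it was configured with.
    """
    if not expected_secret:
        # Fail closed: never accept webhooks when no secret is configured.
        return 500, "no webhook secret configured"
    presented = header(headers, "X-Gitlab-Token")
    if presented is None:
        return 401, "missing X-Gitlab-Token"
    # Constant-time comparison so timing does not reveal a partial match.
    if not hmac.compare_digest(presented.encode(), expected_secret.encode()):
        return 401, "secret token mismatch"
    event = header(headers, "X-Gitlab-Event")
    if event is None:
        return 400, "missing X-Gitlab-Event"
    return 200, "accepted " + event


if __name__ == "__main__":
    # Webhook configured with a user API token instead of the shared secret.
    print(handle_webhook({"X-Gitlab-Token": USER_API_TOKEN,
                          "X-Gitlab-Event": "Push Hook"}, SHARED_SECRET))
    # Webhook configured with the same secret the receiver stores.
    print(handle_webhook({"X-Gitlab-Token": SHARED_SECRET,
                          "X-Gitlab-Event": "Push Hook"}, SHARED_SECRET))
```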