timja / jenkins-gh-issues-poc-06-18


[JENKINS-64573] Cannot login in after 2.264 #1355

Closed timja closed 3 years ago

timja commented 3 years ago

I cannot log in anymore after updating Jenkins to any version after 2.264 (last attempt was with 2.274).

I use the role-strategy-plugin for security and I use the built-in user directory.

I don't have any errors/warnings in my logs, Jenkins just refuses to accept any login after the update.

List of my plugins:

JavaScript GUI Lib: ACE Editor bundle plugin (ace-editor): 1.1
Ant Plugin (ant): 1.11
OWASP Markup Formatter Plugin (antisamy-markup-formatter): 2.1
Apache HttpComponents Client 4.x API Plugin (apache-httpcomponents-client-4-api): 4.5.13-1.0
Bootstrap 4 API Plugin (bootstrap4-api): 4.5.3-1
bouncycastle API Plugin (bouncycastle-api): 2.18
Build Blocker Plugin (build-blocker-plugin): 1.7.3
Checks API plugin (checks-api): 1.2.0
Folders Plugin (cloudbees-folder): 6.15
Command Agent Launcher Plugin (command-launcher): 1.5
Conditional BuildStep (conditional-buildstep): 1.4.1
Credentials Plugin (credentials): 2.3.14
Display URL API (display-url-api): 2.3.4
Durable Task Plugin (durable-task): 1.35
ECharts API Plugin (echarts-api): 4.9.0-2
Email Extension Plugin (email-ext): 2.80
Extended Read Permission Plugin (extended-read-permission): 3.2
External Monitor Job Type Plugin (external-monitor-job): 1.7
Font Awesome API Plugin (font-awesome-api): 5.15.1-1
Icon Shim Plugin (icon-shim): 2.0.3
Jackson 2 API Plugin (jackson2-api): 2.12.0
Javadoc Plugin (javadoc): 1.6
Oracle Java SE Development Kit Installer Plugin (jdk-tool): 1.4
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin (jquery-detached): 1.2.1
jQuery plugin (jquery): 1.12.4-1
JQuery3 API Plugin (jquery3-api): 3.5.1-2
JSch dependency plugin (jsch): 0.1.55.2
JUnit Plugin (junit): 1.48
LDAP Plugin (ldap): 1.26
Mailer Plugin (mailer): 1.32.1
MapDB API Plugin (mapdb-api): 1.0.9.0
Matrix Authorization Strategy Plugin (matrix-auth): 2.6.4
Matrix Project Plugin (matrix-project): 1.18
Maven Integration plugin (maven-plugin): 3.8
Office 365 Connector (Office-365-Connector): 4.13.2
PAM Authentication plugin (pam-auth): 1.6
Parameterized Trigger plugin (parameterized-trigger): 2.39
Pipeline: Build Step (pipeline-build-step): 2.13
Pipeline: Input Step (pipeline-input-step): 2.12
Pipeline: Milestone Step (pipeline-milestone-step): 1.3.1
Pipeline: Stage Step (pipeline-stage-step): 2.5
Plain Credentials Plugin (plain-credentials): 1.7
Plugin Utilities API Plugin (plugin-util-api): 1.6.1
Popper.js API Plugin (popper-api): 1.16.0-7
Resource Disposer Plugin (resource-disposer): 0.14
Role-based Authorization Strategy (role-strategy): 3.1
Run Condition Plugin (run-condition): 1.5
SCM API Plugin (scm-api): 2.6.4
Script Security Plugin (script-security): 1.75
Shelve Project Plugin (shelve-project-plugin): 3.1
Snakeyaml API Plugin (snakeyaml-api): 1.27.0
SonarQube Scanner for Jenkins (sonar): 2.13
SSH Credentials Plugin (ssh-credentials): 1.18.1
Structs Plugin (structs): 1.20
Swarm Plugin (swarm): 3.24
Throttle Concurrent Builds Plug-in (throttle-concurrents): 2.1
Timestamper (timestamper): 1.11.8
Token Macro Plugin (token-macro): 2.13
Trilead API Plugin (trilead-api): 1.0.13
WMI Windows Agents Plugin (windows-slaves): 1.7
Pipeline: API (workflow-api): 2.40
Pipeline: Basic Steps (workflow-basic-steps): 2.23
Pipeline: Groovy (workflow-cps): 2.87
Pipeline: Nodes and Processes (workflow-durable-task-step): 2.37
Pipeline: Job (workflow-job): 2.40
Pipeline: SCM Step (workflow-scm-step): 2.11
Pipeline: Step API (workflow-step-api): 2.23
Pipeline: Supporting APIs (workflow-support): 3.7
Workspace Cleanup Plugin (ws-cleanup): 0.38

Originally reported by movedoa, imported from: Cannot login in after 2.264
  • status: Closed
  • priority: Major
  • resolution: Duplicate
  • resolved: 2021-04-13T21:13:48+00:00
  • imported: 2022/01/10

timja commented 3 years ago

JIRAUSER130501:

Is there any more info I can give you to find the cause of this issue?

timja commented 3 years ago

oleg_nenashev:

Hard to say for sure, but it is unlikely related to the Role Strategy plugin. This plugin handles authorization, but it is not involved in user authentication.

My best guess is that one of the changes in https://www.jenkins.io/blog/2020/11/10/major-changes-in-weekly-releases/ collides with the login UI. The jQuery update seems to be the most likely candidate. I would suggest opening the developer console and checking for errors there when logging in.

timja commented 3 years ago

JIRAUSER130501:

Just tried the update again (2.275 this time), same problem, nothing in the error logs, nothing in the developer console.
The server just returns "401 Unauthorized" and I cannot log in.

I have now switched to 2.263.2 LTS. I had this planned anyway and now seems a good time to do so, so for me this is solved, for now.
I guess we will see if the problem still exists with the next LTS update. If this is the case I will update this ticket, otherwise I will close it.

timja commented 3 years ago

markewaite:

I was unable to duplicate the problem. Jenkins 2.275 recommended upgrading email-ext 2.81, ldap 2.3, and token-macro 2.14. Those three plugin versions are specifically implemented to update with Jenkins 2.265 and beyond.

I enabled role strategy, defined several roles, assigned users to the roles, then logged in as the various users to confirm that the roles were behaving as expected. I did not detect any problem that prevented me from logging in.

It may have been a problem due to the outdated versions of the plugins, though that seems unlikely to me.

I used the list of plugins to create the following Dockerfile for Jenkins 2.275:

FROM jenkins/jenkins:2.275-slim
RUN jenkins-plugin-cli --verbose --plugins \
    Office-365-Connector:4.13.2 \
    ace-editor:1.1 \
    ant:1.11 \
    antisamy-markup-formatter:2.1 \
    apache-httpcomponents-client-4-api:4.5.13-1.0 \
    bootstrap4-api:4.5.3-1 \
    bouncycastle-api:2.18 \
    build-blocker-plugin:1.7.3 \
    checks-api:1.2.0 \
    cloudbees-folder:6.15 \
    command-launcher:1.5 \
    conditional-buildstep:1.4.1 \
    credentials:2.3.14 \
    display-url-api:2.3.4 \
    durable-task:1.35 \
    echarts-api:4.9.0-2 \
    email-ext:2.81 \
    extended-read-permission:3.2 \
    external-monitor-job:1.7 \
    font-awesome-api:5.15.1-1 \
    icon-shim:2.0.3 \
    jackson2-api:2.12.1 \
    javadoc:1.6 \
    jdk-tool:1.4 \
    jquery-detached:1.2.1 \
    jquery3-api:3.5.1-2 \
    jquery:1.12.4-1 \
    jsch:0.1.55.2 \
    junit:1.48 \
    ldap:2.3 \
    mailer:1.32.1 \
    mapdb-api:1.0.9.0 \
    matrix-auth:2.6.4 \
    matrix-project:1.18 \
    maven-plugin:3.8 \
    pam-auth:1.6 \
    parameterized-trigger:2.39 \
    pipeline-build-step:2.13 \
    pipeline-input-step:2.12 \
    pipeline-milestone-step:1.3.1 \
    pipeline-stage-step:2.5 \
    plain-credentials:1.7 \
    plugin-util-api:1.6.1 \
    popper-api:1.16.0-7 \
    resource-disposer:0.14 \
    role-strategy:3.1 \
    run-condition:1.5 \
    scm-api:2.6.4 \
    script-security:1.75 \
    shelve-project-plugin:3.1 \
    snakeyaml-api:1.27.0 \
    sonar:2.13 \
    ssh-credentials:1.18.1 \
    structs:1.20 \
    swarm:3.24 \
    throttle-concurrents:2.1 \
    timestamper:1.11.8 \
    token-macro:2.14 \
    trilead-api:1.0.13 \
    windows-slaves:1.7 \
    workflow-api:2.40 \
    workflow-basic-steps:2.23 \
    workflow-cps:2.87 \
    workflow-durable-task-step:2.37 \
    workflow-job:2.40 \
    workflow-scm-step:2.11 \
    workflow-step-api:2.23 \
    workflow-support:3.7 \
    ws-cleanup:0.38

timja commented 3 years ago

danielbeck:

Is Jenkins running standalone, or in Tomcat or similar?

timja commented 3 years ago

JIRAUSER130501:

It's running standalone, default Windows installation.

timja commented 3 years ago

danielbeck:

To clarify, this broke in Jenkins 2.265, NOT Jenkins 2.266?

timja commented 3 years ago

JIRAUSER130501:

I am not sure if I ever tried updating to 2.265. I can say for sure that I tried updating to 2.266 and 2.274 and the problem occurred.

timja commented 3 years ago

jglick:

So you are using the built-in security realm? Have you by any chance been running with the same user list since 2012 (Jenkins 1.470-)? If so, your saved passwords are invalid and will need to be recreated.

timja commented 3 years ago

hackmann:

How to recreate passwords? Some of our users were created before 2012.

I rolled back to 2.263.4 (apt-get install jenkins=2.263.4) and changed my password. We have one other user with a password hash that does not start with #jbcrypt
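
Added example (not part of the original thread or of Jenkins itself): a read-only audit that lists which accounts in the built-in user directory still carry a password hash without the `#jbcrypt` marker mentioned above, so an administrator knows whose password to reset before upgrading. It assumes user records live in `users/*/config.xml` under the Jenkins home with the hash in a `<passwordHash>` element; the function names and the sample records are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

MODERN_PREFIX = "#jbcrypt"  # marker quoted in the thread
# Regex instead of an XML parser: Jenkins writes an XML 1.1 declaration,
# which Python's expat-based parsers reject.
HASH_RE = re.compile(r"<passwordHash>(.*?)</passwordHash>", re.S)
ID_RE = re.compile(r"<id>(.*?)</id>", re.S)


def audit_password_hashes(jenkins_home):
    """Return {user_id: status}; the hash value itself is never returned."""
    report = {}
    for cfg in sorted(Path(jenkins_home).glob("users/*/config.xml")):
        text = cfg.read_text(encoding="utf-8", errors="replace")
        m_id = ID_RE.search(text)
        user = m_id.group(1).strip() if m_id else cfg.parent.name
        m_hash = HASH_RE.search(text)
        if m_hash is None:
            report[user] = "no-local-password"
        elif m_hash.group(1).strip().startswith(MODERN_PREFIX):
            report[user] = "jbcrypt"
        else:
            report[user] = "legacy"  # needs a password reset
    return report


def write_constructed_home(root):
    """Create a small, constructed Jenkins home for demonstration."""
    samples = {
        "alice_1": ("alice", "#jbcrypt:$2a$10$CONSTRUCTED.NOT.A.REAL.HASH"),
        "bob_2": ("bob", "a1b2c3:CONSTRUCTED0123456789abcdef"),
        "svc_3": ("svc", None),
    }
    for dirname, (uid, pw_hash) in samples.items():
        user_dir = Path(root, "users", dirname)
        user_dir.mkdir(parents=True)
        prop = f"<passwordHash>{pw_hash}</passwordHash>" if pw_hash else ""
        user_dir.joinpath("config.xml").write_text(
            "<?xml version='1.1' encoding='UTF-8'?>\n"
            f"<user><id>{uid}</id><properties>{prop}</properties></user>\n",
            encoding="utf-8",
        )


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_home(tmp)
        for user, status in audit_password_hashes(tmp).items():
            print(f"{user}: {status}")
```

Point `audit_password_hashes` at a copy of the real Jenkins home to get the list of accounts reported as `legacy`.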

timja commented 3 years ago

jglick:

Probably same as JENKINS-65107.

timja commented 3 years ago

markewaite:

So long as one administrative user can login, that user can assign a new password to other users.

The Jenkins 2.277.1 upgrade guide suggests changing the password as another Jenkins user. If no Jenkins administrative user account is available, see "Disabling Security" for more instructions.

timja commented 2 years ago

[Duplicates: JENKINS-65107]