Debian Question posted in
The oficial documentation can be found here.

Jenkins Active Directory broke. Cannot login, No valid crumb – Debian

I’m running Jenkins on Debian buster for nearly two years in a secure network and I use LDAP/Active Directory for authentication.

A few days ago Jenkins had some notifications that a new version of Jenkins was available and a bunch of plugins should be upgraded including the Active Directory plugin. I started the installation of the plugins, waited for everything to stabilize, then ran:

sudo apt update 
sudo apt upgrade 
sudo systemctl restart jenkins

Now when I try to login to jenkins I get:

HTTP ERROR 403 No valid crumb was included in the request

Even if I try this manually:

$ curl -v -X GET http://jenkins-url:8080/crumbIssuer/api/json --user user:password
{
  "_class":"hudson.security.csrf.DefaultCrumbIssuer",
  "crumb":"2eacfe24ff306c0c68211736cf3c02d3c9e5d675800aec59002ffdc9bcc28301",
  "crumbRequestField":"Jenkins-Crumb"
}
$ curl -X POST http://jenkins-url:8080/job/a330-latest/build --user user:password -H 'Jenkins-Crumb: 2eacfe24ff306c0c68211736cf3c02d3c9e5d675800aec59002ffdc9bcc28301'
<title>Error 403 No valid crumb was included in the request</title>

How do I troubleshoot this? /var/lib/jenkins/secrets/initialAdminPassword is no longer available and there is no jenkins internal user database.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    The plugins probably hadn't finished installing when you ran sudo apt upgrade.

    In /var/lib/jenkins/config.xml, set <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> and systemctl restart jenkins.

    Now when you load the jenkins webpage, you'll have administration rights without the need to log-in.

    At this point go to "Manage Jenkins" > "Manage Plugins" and make sure that all plugins are updated. Restart jenkins if necessary after upgrading everything (if ldap/AD plugins are updated, you MUST restart jenkins.

    Next, go to "Manage Jenkins">"Configure Global Security" and re-add your active-directory or LDAP settings. Be sure to use the "Test Domain" function to ensure it works.

    Try logging in to ensure that your AD connection is working.

    If all is successful, then finally go to "Manage Jenkins">"Configure Global Security" and remake your "Authorization" requirements. It's probably on "Anyone can do anything", so flip it back over to Matrix-based security (or whatever you want) and you're done.


  2. 0

    In case someone else has the same issue, the "Oh Sh$t Im Locked out" section from the link below worked for me.

    I a nutshell, edit $JENKINS_HOME/config.xml and change
    <useSecurity>true</useSecurity> to `false

    Reference: https://sqlnotesfromtheunderground.wordpress.com/2017/01/27/connecting-jenkins-to-active-directory-and-how-to-reset-access-to-jenkins/

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search