HTTP Status 403 – Forbidden error

[Mk]

Hello Jenkins Community team,

I am using Jenkins - 2.263.1(LTS) deployed through tomcat.

I have upgraded few of the plugins yesterday since then i am facing following issue whenever i modify any settings under Manage Jenkins --> Configure Systems section if i click save button. it takes few mins and throws the below error.

HTTP Status 403 – Forbidden
Type Status Report
Message No valid crumb was included in the request
Description The server understood the request but refuses to authorize it.
Apache Tomcat/9.0.30

From jenkins systems log below message shown.

Feb 18, 2021 7:52:13 AM WARNING hudson.ExpressionFactory2$JexlExpression evaluate

Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
java.lang.NullPointerException: Descriptor list is null for context 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly GlobalLibraries/config.jelly LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly MultiSCM/DescriptorImpl/config.jelly'
    at hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73)
    at hudson.Functions.filterDescriptors(Functions.java:2122)
    at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)

Under Configure Global security --> CSRF Protection -->Enable proxy compatibility(Enabled). Still same problem persists. Therefore please help me to solve this issue.

Thanks in advance.

[Mark Waite]

That null pointer exception seems likely to have been caused by one of the plugins that was updated.  Since it is mentioning LibraryConfiguration, SCMRetriever, and MultiSCM, you might first look at the workflow-cps-global-lib and the multiple-scms plugin to see if either of them were recently upgraded.

The MultipleSCMs plugin has been deprecated.  Jenkins Pipeline is the better way to implement multiple SCM support from within a single job.

Mark Waite

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com.

[Mk]

Thanks Mark. I have uninstalled the MultiSCM plugin and restarted the service. However still i am experiencing the same problem. Under Manage Jenkins --> Configure Systems section post any modification if i click save button it fails. Now from systems log i can below error message.

Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter
No valid crumb was included in request for /jenkins/configSubmit by vasanth.guru. Returning 403.

The account i am using has Admin privilege.

[Mark Waite]

You may need to investigate the settings on your tomcat server.  I would guess that it is somehow disrupting the flow of the crumb from Jenkins to the browser or from the browser to Jenkins.  I don't run Jenkins in tomcat, so I have no experience with diagnosing issues in tomcat.

On Thu, Feb 18, 2021 at 10:35 PM Mk <moha...@gmail.com> wrote:

Thanks Mark. I have uninstalled the MultiSCM plugin and restarted the service. However still i am experiencing the same problem. (Manage Jenkins --> Configure Systems section post any modification if i click save button it fails). Now from systems log i can below above errors disappeared.

Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter
No valid crumb was included in request for /jenkins/configSubmit by vasanth.guru. Returning 403.

On Friday, February 19, 2021 at 10:31:23 AM UTC+5:30 Mark Waite wrote:

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3f23087f-d1cd-4fbb-9a6b-30d4bf96dafbn%40googlegroups.com.

[Mohan]

It looks security feature included in 2.263.1(LTS) version,and that required authentication even for tomcat.

1) Under Configure Global security --> CSRF Protection -->Enable proxy compatibility( Tick marked Enabled). 
2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true
3) Installed the Strict Crumb Issuer plugin.
   Enabled this plugin and uncheck Check the session ID from its configuration (Under Jenkins Configure Global Security).
4) Restated the Jenkins.

Have tried above workaround, however it didn't help.

Any other pointer to solve this would be helpful.

You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/AXmM72EnnaU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGYgfHx6S5V2VseOCe0rkSLE4Nj1fCJSAmSwgcq4vqQ9w%40mail.gmail.com.