[JIRA] (JENKINS-60918) OIC user not able to make API calls

6 views
Skip to first unread message

garg.ishy746@gmail.com (JIRA)

unread,
Jan 30, 2020, 7:35:02 AM1/30/20
to jenkinsc...@googlegroups.com
Isha Garg assigned an issue to Daniel Beck
 
Jenkins / Bug JENKINS-60918
OIC user not able to make API calls
Change By: Isha Garg
Assignee: Isha Garg Daniel Beck
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

garg.ishy746@gmail.com (JIRA)

unread,
Jan 30, 2020, 7:35:03 AM1/30/20
to jenkinsc...@googlegroups.com
Isha Garg created an issue
Issue Type: Bug Bug
Assignee: Isha Garg
Components: matrix-auth-plugin, matrix-project-plugin, oic-auth-plugin
Created: 2020-01-30 12:34
Environment: Jenkins version: 2.164.3
OIC : 1.7
Matrix Authorization Strategy Plugin : 2.5
Labels: plugin jenkins oic jenkins-oic matrix-auth
Priority: Blocker Blocker
Reporter: Isha Garg

I am using Jenkins Login with Openid Connect (Amazon Cognito). I am able to use group-based authorization. I can see my groups in Granted Authorities: authenticated,<cognito group>

But when I try making API call, it gives me a "403" error saying "Missing overall read permissions". 

I am using API token created using <Jenkins url>/configure/me

It is only allowing in case I give "Read" access to the anonymous group in Jenkins, which I couldn't give in my production environment.

Issue::

Jenkins is not able to read neither SSO users authorized in groups nor in the authenticated group.

 

dbeck@cloudbees.com (JIRA)

unread,
Jan 30, 2020, 8:47:04 AM1/30/20
to jenkinsc...@googlegroups.com
Daniel Beck assigned an issue to Unassigned
Change By: Daniel Beck
Assignee: Daniel Beck

dbeck@cloudbees.com (JIRA)

unread,
Jan 30, 2020, 8:47:05 AM1/30/20
to jenkinsc...@googlegroups.com
Daniel Beck updated an issue
Change By: Daniel Beck
Component/s: matrix-auth-plugin
Component/s: matrix-project-plugin
Reply all
Reply to author
Forward
0 new messages