Spinnaker: 403 No valid crumb was included in the request

I have configured Jenkins in Spinnaker as follows and set up a Spinnaker pipeline.

 jenkins:
    # If you are integrating Jenkins, set its location here using the baseUrl
    # field and provide the username/password credentials.
    # You must also enable the "igor" service listed separately.
    #
    # If you have multiple jenkins servers, you will need to list
    # them in an igor-local.yml. See jenkins.masters in config/igor.yml.
    #
    # Note that jenkins is not installed with Spinnaker so you must obtain this
    # on your own if you are interested.
    enabled: ${services.igor.enabled:false}
    defaultMaster:
      name: default
      baseUrl: http://server:8080
      username: spinnaker
      password: password

      

But when trying to start the Spinnaker pipeline, I see the following error.

Exception ( Start Jenkins Job ) 403 No valid crumb was included in the request

+18




6 answers


To fix this problem, I unchecked the "Prevent Cross Site Request Forgery" checkbox under jenkins.com/configureSecurity and it started working.




+28




Finally, this post helped me get rid of the crumb problem while still keeping Jenkins safe from CSRF attacks.

Solution for the "No valid crumb was included in the request" issue

Basically, we need to first request a crumb with authentication and then make the POST API call with the crumb as a header, along with authentication.

This is how I did it:

curl -v -X GET 'http://jenkins-url:8080/crumbIssuer/api/json' --user '<username>:<password>'

      



The response was:

{
"_class":"hudson.security.csrf.DefaultCrumbIssuer",
"crumb":"0db38413bd7ec9e98974f5213f7ead8b",
"crumbRequestField":"Jenkins-Crumb"
}

      

Then call the POST API with the above crumb info.

curl -X POST 'http://jenkins-url:8080/job/<job-name>/build' --user '<username>:<password>' -H 'Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b'

      

+15
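
The two-step flow from the answer above, as a reusable shell function; this is an added example, not code from any of the posters. It keeps cookies between the two requests, because recent Jenkins versions tie a crumb to the web session that requested it, and it refuses to send a header when the crumbIssuer response is not the expected JSON. `JENKINS_URL`, `JENKINS_USER`, `JENKINS_TOKEN` and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example: two-step crumb flow. JENKINS_URL, JENKINS_USER and
# JENKINS_TOKEN are assumed environment variables, not values from the page.

# Extract one string field from the flat JSON object crumbIssuer returns.
json_field() {  # usage: json_field <name> <json>
  printf '%s' "$2" | tr -d '\n' |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Build the "<crumbRequestField>: <crumb>" header from a crumbIssuer response.
# Assumes an alphanumeric crumb like the ones shown in the answers; anything
# else (for example an HTML error page from a proxy) is rejected, not sent.
crumb_header() {
  local field crumb
  field=$(json_field crumbRequestField "$1")
  crumb=$(json_field crumb "$1")
  case $field in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
  case $crumb in ''|*[!A-Za-z0-9]*) return 1 ;; esac
  printf '%s: %s' "$field" "$crumb"
}

# Fetch a crumb, then POST with it. The cookie jar carries the session from
# the first request into the second, so the crumb is presented in the
# session that issued it.
jenkins_post() {  # usage: jenkins_post <path> [extra curl args...]
  local path jar json header rc
  path=$1; shift
  jar=$(mktemp) || return 1
  json=$(curl -sS -f -u "$JENKINS_USER:$JENKINS_TOKEN" -c "$jar" \
    "$JENKINS_URL/crumbIssuer/api/json") || { rm -f "$jar"; return 1; }
  header=$(crumb_header "$json") || {
    rm -f "$jar"; echo "no usable crumb in response" >&2; return 1; }
  curl -sS -f -u "$JENKINS_USER:$JENKINS_TOKEN" -b "$jar" -H "$header" \
    -X POST "$JENKINS_URL$path" "$@" && rc=0 || rc=$?
  rm -f "$jar"
  return "$rc"
}

# Example call (not run here): jenkins_post "/job/<job-name>/build"
```

With this in place the "Prevent Cross Site Request Forgery" setting can stay enabled on the Jenkins side.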




The crumb is nothing more than an access token. Below is the API to get the crumb:

https://jenkins.xxx.xxx.xxx/crumbIssuer/api/json

// Replace it with your Jenkins URL and make a GET call in Postman or your REST API caller.

This will generate output as:

{
    "_class": "hudson.security.csrf.DefaultCrumbIssuer",
    "crumb": "ba4742b9d92606f4236456568a",
    "crumbRequestField": "Jenkins-Crumb"
}

      

Below are more details and a link on the same topic: how to request a crumb for Jenkins, from the Jenkins wiki page: https://wiki.jenkins-ci.org/display/jenkins/remote+access+api

If you are calling it via a REST API call, see the link below, which explains how to make REST calls using the Jenkins crumb:

https://blog.dahanne.net/2016/05/17/how-to-update-a-jenkins-job-posting-config-xml/

Example:

curl -X POST http://anthony:anthony@localhost:8080/jenkins/job/pof/config.xml --data-binary "@config.xml" -H ".crumb: 6bbabc426436b72ec35e5ad4a4344687"

      

+13




  This solution is SAFE to use

This issue came up when we changed Jenkins to be accessible via a reverse proxy.

In "Configure Global Security" there is an option "Enable proxy server compatibility". This helped with my problem.

+7




Go to Manage Jenkins => Configure Global Security.

Then uncheck "Prevent Cross-Site Request Forgery".

0




I had this problem with my Jenkins installed on an AWS EC2 instance. This problem went away as soon as I opened up to the world (of course I mean "Security Groups"), ports: 80, 8080 (the default jenkins port) and 443. I know this might be sensitive to someone, but it is not me, I did it and the problem went away!

... of course it could be the same for GCP, Azure and other cloud services

0








