3
votes

I want to access Jenkins using basic authentication. I have started Jenkins as described on the Quick and Simple Security page, with the user name "user" and the password "password", choosing Delegate to servlet container for the security realm and Legacy mode for the authorization strategy. But when I try to access the configuration of a job (my_test_job) using a curl command:

curl -X GET --user user:password --insecure https://localhost:9000/job/my_test_job/config.xml

(using the same credentials that were used at server start-up, as in 1), it wasn't authorized and I can see the following log in Jenkins:

While serving https://localhost:9000/job/my_test_job/config.xml: hudson.security.AccessDeniedException2: anonymous is missing the Job/ExtendedRead permission.

What am I missing here? How can I configure Jenkins so that it can be accessed using simple basic authentication? I appreciate your help.

Note: I have enabled HTTPS and changed the port to 9000, and my Jenkins version is 1.609.

1
Hi @alkuzad Nope. I just want to configure Jenkins so that it can be accessed using basic authentication, as in the curl command given above. - Buddy
Oh, ok. So be sure to use cookies with curl to be authenticated, with the --cookie-jar option. I also do not know if Jenkins supports such authorization - it's intended rather for FTP, where the site displays a popup window for logging in - not for custom logins like Jenkins has. wiki.jenkins-ci.org/display/JENKINS/… also indicates using an api-key, maybe this would be a better approach? - Dawid Gosławski

1 Answer

1
votes

Jenkins has its own authentication mechanism, therefore you can't access it by using Apache basic authentication by default (it's a Java app, not an Apache website). However, you can delegate the authentication to a reverse proxy that you run in front of Jenkins. Here are the steps:

  1. Consider installing Reverse Proxy Auth to delegate the authentication to the reverse proxy.

  2. Configure Apache or nginx to use Apache basic authentication. See: Apache frontend for security and Secure Jenkins with Apache basic authentication.

  3. Restrict your direct access to Jenkins by listening only on local IP address.

    On Linux this can be configured in JAVA_ARGS in the /etc/default/jenkins file, but it may vary depending on your Linux distribution or operating system. See: How can I get Jenkins to stop listening for remote connections?

  4. Now access your Jenkins via reverse proxy port.
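
Steps 1 to 3 sketched as an Apache virtual host; this is an added example, not part of the original answer. It assumes the Reverse Proxy Auth plugin is configured to read the user name from the X-Forwarded-User header, and the host name, certificate paths, htpasswd path and backend port 8080 are placeholders.

```apache
# Added example (not from the original answer). Assumes Apache 2.4.10+ with
# mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_auth_basic loaded.
# Placeholders: jenkins.example.test, the certificate and htpasswd paths,
# and Jenkins listening on 127.0.0.1:8080 (step 3 of the answer).
<VirtualHost *:443>
    ServerName jenkins.example.test

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/jenkins.example.test.crt
    SSLCertificateKeyFile /etc/apache2/ssl/jenkins.example.test.key

    # Step 2: Apache, not Jenkins, checks the basic-auth credentials.
    <Location />
        AuthType Basic
        AuthName "Jenkins"
        AuthUserFile /etc/apache2/jenkins.htpasswd
        Require valid-user

        # Step 1: pass the authenticated user name to Jenkins.
        # "set" replaces any X-Forwarded-User value the client sent, so the
        # header Jenkins sees always comes from Apache's own authentication.
        RequestHeader set X-Forwarded-User expr=%{REMOTE_USER}
    </Location>

    # Forward everything to the Jenkins instance bound to the loopback address.
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
    ProxyPass        / http://127.0.0.1:8080/ nocanon
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Because Jenkins trusts that header, the loopback-only binding from step 3 is what keeps a client from bypassing Apache and supplying the header directly.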