Anonymous access to CJOC and the Client masters

Issue

  • You have configured your CloudBees Jenkins Operations Center (CJOC) with Client master security as “SSO (security realm an authorization strategy)” and authentication mapping as “Trusted master with equivalent security realm”.
  • Anonymous role has given the following permissions:

Overall/Read
Job/Read
Job/Discover
Job/Workspace
View/Read

While authenticated access works fine, what you would like to achieve is that anonymous (non-authenticated) browsing is allowed. However, “curling” root URL of a master gives the following:

Authentication required

You are authenticated as: anonymous
Groups that you are in:

Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead

Environment

Resolution

With the security settings you have any changes you made in the root context of a client master will be void since it’s read only at that level.

The filter is most likely set on the client master in CJOC. You can change the roles and filters for the client master in CJOC by opening the context menu for the client master in the list view and select Roles. From there you should be able to remove the filter on anonymous. If it isn’t there the filter might be set on one of the parent folders.

Have more questions?

0 Comments

Please sign in to leave a comment.