API Tokens get removed from Client Masters or Managed Masters

Issue

My user API tokens in the Master are disappearing after some time of being created.

Environment

Resolution

By default, API Tokens are synchronized from Operations Center to the CMs and/or MMs. This means that if your users are defining their API Tokens at CM and/or MM level, they will be wiped out with the information stored at Operations Center level when the synchronization process happens.

When selected, this option will synchronize the user’s name, description, API Tokens and other properties with the user’s record in the Operations Center. The synchronization takes place when Jenkins queries the full user details from the security realm; which typically occurs during a log in operation. This will result in the API token being removed from the Master using the ones defined in the Operations Center instead.

Create API tokens at the Operations Center level

API tokens could be created at the Operations Center level. For this, go to your Operations Center, select your name and click configure again. Then click Add new Token to create a new API token at the Operations Center level.

Workarounds

As previously suggested, we could disable the synchronization of a particular user at master level. Notice that the synchronization will still happen for the rest of the users as long as they have enabled the Synchronize details on login in the user at the Master level.

Tested products/plugins version

The latest update of this article was tested with:

Have more questions?

1 Comments

  • 0
    Avatar
    mark.kenneally Kenneally

    Our solution is to block access to the users config page on the client masters and redirect users to their WhoAmI page on the Jenkins OC server using the Request Filtering plugin.

Please sign in to leave a comment.