Issue
- When testing a hook from GitLab, the following error appears:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 anonymous is missing the Job/Build permission</title>
</head>
<body>
<!-- ... -->
</body>
</html>
Environment
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master
- CloudBees CI (CloudBees Core) on traditional platforms - Client Master
- CloudBees Jenkins Enterprise - Managed Master
- CloudBees Jenkins Platform - Client Master
- CloudBees Jenkins Distribution
- Jenkins LTS
Resolution
The GitLab plugin offers an option Enable authentication for ‘/project’ end-point" to turn the authentication of the /project
endpoint used by the webhook on and off. The message indicates that the option is turned on.
Two configuration options are possible, you should review them with your security team:
-
Keep the
/projectendpoint authenticated.
In this case it means that you need to configure the hook GitLab side with an authenticated user having the Job/Build permission.
Please refer to GitLab documentation to properly configure authentication with the webhook. -
Switch authentication of the endpoint off by unticking the Enable authentication for ‘/project’ end-point" option in Jenkins global configuration.
This option allows anybody knowing the url of the hook to trigger a job.
You should review with your security team that it is acceptable in your environment.
0 Comments