3

I'm trying to configure a well-known incident management tool to perform a POST request to a Jenkins job build URL to respond to some alerts.

In this tool, for some reason I cannot put the Jenkins job build endpoint as follows:

https://<user>:<apiToken>@my-jenkins.com/blabla/job/blabla/build?token=<myTokenName>

So, the only alternative the tool provides is putting the authorization details as a header.

Before doing that, I'm trying to check if that would work, using curl. For that reason, I'm calling that Jenkins URL with the Basic auth header, with the following curl command:

curl -X POST -H 'Authorization:Basic <user:apiToken in base64>' -H 'Jenkins-Crumb:<my-crumb>' 'https://my-jenkins.com/blabla/job/blabla/build?token=<myTokenName>'

But is giving me a 401: Not authorized (Invalid password/token for user: my-user). If I place the same credentials in the URL as the first code snippet it works.

I have read the following docs: https://wiki.jenkins.io/display/JENKINS/Authenticating+scripted+clients and it seems setting the Basic auth header is pretty straight forward, but I think I'm missing something here because it doesn't work for me when I use curl.

Also I Googled a little bit and it seems everyone calls the Jenkins job build URL with the user:apiToken in the URL, but as I mentioned, the tool doesn't allow to put URLs like that.

Has anyone performed a Jenkins job launch with a basic auth header?

Any help would be appreciated. Thanks a lot!

Adam
  • 737
  • 1
  • 6
  • 20

2 Answers2

3

Okay... Quite embarrasing but it seems that I was generating the base64 string with my macOS command line shell, but it wasn't working.

I did the same with Postman to generate the auth header and now it's working...

Hope that helps someone, somehow.

Adam
  • 737
  • 1
  • 6
  • 20
1

I faced with the same issue. Below is my solution.

  1. Using a Nginx proxy behind IAP & in front of Jenkins
  2. Using new header for Jenkins instead of "Authorization". For me I used "Jenkins-Authorization" header.
  3. In Nginx configuration I used "proxy_set_header" to set "Authorization" header from "Jenkins-Authorization".
  4. In Nginx configuration, proxy_pass to upstream Jenkins server by using internal IP

Nginx configuration:

upstream app {
    server jenkin_internal_ip:8080;
}
server {
    listen 80 default_server;

    charset utf-8;

    location / {
        include proxy_params;
        proxy_set_header Authorization $http_jenkins_authorization;
        proxy_pass http://app;
        proxy_redirect off;
    }
}
  • remember replace "jenkin_internal_ip" in Nginx configuration as your Jenkins internal IP.
PhungLe
  • 352
  • 3
  • 6