Cannot restore Jenkins security after disabling it in config.xml
A

6

10

Yesterday, I locked myself out of Jenkins while trying to configure LDAP authentication, so I followed the instructions in the wiki and disabled security in the config.xml file via SSH. Now I want to get back to the normal Jenkins security, but the option is no longer offered under "Configure Jenkins". So I'm looking for a way to restore normal security through the config.xml.

Here is the relevant part of the current config.xml file:

<hudson>
  <disabledAdministrativeMonitors/>
  <version>1.477</version>
  <numExecutors>3</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
  ...
</hudson>

Has anyone an idea or maybe a valid part of a config.xml?

Aerostatic answered 20/8, 2013 at 10:1 Comment(2)
Please specify the version of Jenkins you have. What does the "Manage Jenkins" page show to you? - Autophyte
Geez, if anyone with a port scanner can log in remotely as root against your will (when useSecurity is true), then it is a CRITICAL vulnerability. - Paphos
G
7
    <hudson>
      <disabledAdministrativeMonitors/>
      <version>2.130</version>
      <numExecutors>2</numExecutors>
      <mode>NORMAL</mode>
      <useSecurity>true</useSecurity>
      <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
        <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
      </authorizationStrategy>
      <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
        <disableSignup>true</disableSignup>
        <enableCaptcha>false</enableCaptcha>
      </securityRealm>
      ...
    </hudson>

I think you are looking for this, as I am able to revert it back to my default config.xml. Remember to always make a backup of the config before modifying it. Just update those two tags, authorizationStrategy & securityRealm, and you are good to go. For further reference, check out jenkins_xml_reference.

Garpike answered 4/7, 2018 at 19:59 Comment(1)
This should be the answer, and "remember always make a backup" should be in bold. - Emetic
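
As an added example (not part of any answer here, and not Jenkins' own code): a small Python check over the three elements discussed on this page. It flags the question's config.xml even though useSecurity is true, because the authorization strategy is Unsecured and the realm is None, and it passes the config from the answer above. The function name, finding labels and trimmed sample snippets are this example's own; the class names are the ones shown on the page.

```python
import xml.etree.ElementTree as ET

# Class names as they appear in the config.xml snippets on this page.
UNSECURED_AUTHZ = "hudson.security.AuthorizationStrategy$Unsecured"
NO_REALM = "hudson.security.SecurityRealm$None"

# Trimmed copies of the question's and the answer's snippets (constructed samples).
QUESTION_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""
ANSWER_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>
</hudson>"""

def _text(parent, tag):
    """Lower-cased text of a child element, or None if the child is absent."""
    node = parent.find(tag)
    return (node.text or "").strip().lower() if node is not None else None

def audit_jenkins_config(xml_text):
    """Return labels (hypothetical names) for weak security settings in config.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    if _text(root, "useSecurity") != "true":
        findings.append("security-disabled")
    authz = root.find("authorizationStrategy")
    if authz is None or authz.get("class") == UNSECURED_AUTHZ:
        findings.append("authz-unsecured")       # no access control is applied
    elif _text(authz, "denyAnonymousReadAccess") == "false":
        findings.append("anonymous-read")
    realm = root.find("securityRealm")
    if realm is None or realm.get("class") == NO_REALM:
        findings.append("realm-none")            # no user database is consulted
    elif _text(realm, "disableSignup") == "false":
        findings.append("signup-enabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, audit_jenkins_config(cfg) or "ok")
```
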
C
3

Don't forget to remove authorizationStrategy and securityRealm as per point #6:

https://wiki.jenkins-ci.org/display/JENKINS/Disable+security

Cohabit answered 20/8, 2013 at 22:8 Comment(0)
S
2
<useSecurity>true</useSecurity>

Just change it to False. Then you can access the Jenkins Config from the very beginning.

Silverstein answered 21/8, 2013 at 8:27 Comment(0)
D
0

You missed setting the following:

<useSecurity>false</useSecurity>
Door answered 11/1, 2016 at 10:30 Comment(0)
P
0

Adding/replacing these three settings to config (~/jenkins_home/config.xml) did the trick (i.e. restored login page after it was gone for good when I changed the <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> and later restoring it to true did not restore status quo as expected):

      <useSecurity>true</useSecurity>
      <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
        <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
      </authorizationStrategy>

Side note: the lock-out happened in my case when I switched from BasicAuth to OAuth forgetting to add a new user to the internal users database managed by Jenkins (that would match the Github username:)

Paphos answered 13/8, 2020 at 11:30 Comment(0)
D
-1

I faced the same issue too, but later I could figure out the issue.

We need to remove the / at the end of the line below.

<securityRealm class="hudson.security.SecurityRealm$None"/>

It should be <securityRealm class="hudson.security.SecurityRealm$None">

This has worked for me.

Deadlight answered 23/11, 2017 at 9:59 Comment(3)
This does not really answer the question. If you have a different question, you can ask it by clicking Ask Question. You can also add a bounty to draw more attention to this question once you have enough reputation. - From Review - Contreras
Hi, what don't you understand here? - Deadlight
We'll make it clear to you. We need to replace with the below lines in the config.xml file: <useSecurity>true</useSecurity> <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/> <securityRealm class="hudson.security.SecurityRealm$None"> - Deadlight
