How to pass crumb info via bitbucket-hook to jenkins?

Asked 2/6, 2019 at 16:36 Answered 16/6, 2022 at 10:5

Solved jenkins bitbucket devops bitbucket-pipelines

curl -X POST http://xxx.yyy.zzz:5555/job/job-name/build --user john-devops-jenkins:11df3ed41129c5c7da1518e9c3149896de -H 'Jenkins-Crumb:31827a74a160347a641c87ddbc8e3b6e'

The above curl code with a post request is absolutely working fine in triggering the Jenkins build.

Tried:

Error: No valid crumb was included in the request

No luck still, How to configure bitbucket hook to container header information of crumb or how to pass it via url without relying on third party plugins?

Antoine answered 2/6, 2019 at 16:36 Comment(1)

You can use API token instead. – Quimby 4/3, 2023 at 17:43

I am late here, but coming with the second edition of my answer for the folks who were blocked due to Jenkins's latest updates.

Now, with the latest Jenkins latest changes the Bitbucket webhook url looks as below:

http://jenkins-username:token-generated-for-loggedin-user@url:port/job/job-name/build?crumb=Jenkins-Crumb:crumb_long_token

Crumb long token can be generated using the below command:

wget -q --auth-no-challenge --user jenkins-username --password jenkins-password --output-document - 'http://jenkins-url:8081/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

The output will be: Jenkins-Crumb:6f2dcf2182efd19511b2ebf7b787e%

To fetch token-generated-for-loggedin-user

You must create it going to:

http://jenkins-url:8081/user/jenkins-username/configure

In API Token, Click Generate. Once the token is Generated, save it somewhere. The same should be passed to the URL that we form later.

You can verify coming back to this URL: http://jenkins-url:8081/user/jenkins-username/configure, you will notice how many times that token was used for correct configuration.

There are a few more changes that you should do along with this.

You must install: Bitbucket, bitbucket-pipeline, strict crumb issuer plugins from Manage Jenkins

Finally, GoTo:

http://jenkins-url:8081/configureSecurity/

And in CSRF Protection

Change Default Crumb Issuer to Strict Crumb Issuer

Strict Crumb Issuer is what we installed above

A lot of effort in the investigation made this change work. Hope this helps and unblocks.

Antoine answered 5/12, 2021 at 19:45 Comment(2)

@Mithun, Its not still working for me. My url is somewhat like this

http://gwpdev:[email protected]:8080/job/gwp-master/build?crumb=Jenkins-Crumb:c202d320d8260d4b04d885169d1e76d4d1eda86b3edcbf405460f01de48497300f4864b814408721ea9f1a1a24312d1b128dc4e3cafcc734a8d2cef1b627c72b

. Installed all stated plugins and made changes as per your answer but no success. My jenkins version is 2.319.3 – Dolores 31/3, 2022 at 16:18

@AmitKumarJain - i am using Jenkins 2.323v and it works – Antoine 4/5, 2022 at 14:53

After a day of effort and brainstorming of how curl requests execute, finally resolved this issue by configuring bitbucket webhook as below:

http://jenkins-username:jenkins-password@jenkins-url:5555/job/job-name/build?crumb=crumb_token.

Hope it helps, many questions are unanswered and all are suggesting to use third party or generic-web-hooks and so on.

The CRUMB_TOKEN is nothing but AUTHENTICATION_TOKEN which we generate through Jenkins configuration

Follow these steps below to get authentication token:

Log in to Jenkins.
Click your name.
Click Configure.
Click Show API Token.

Do not get confuse with this URL: JENKINS_URL/job/policy-vault/build?token=TOKEN_NAME which is mentioned next to Trigger builds remotely input option

The correct URL which should be configured to build remotely is as below:

http://jenkins-username:[email protected]:5555/job/project-id/build?crumb=AUTHENTICATION_TOKEN

The Webhooks should also be configured from Bitbucket

Settings -> Repository Settings -> Webhooks

Title: PROJECT-XYZ-HOOK

URL: http://jenkins-username:[email protected]:5555/job/project-id/build?crumb=AUTHENTICATION_TOKEN

Antoine answered 3/6, 2019 at 16:2 Comment(3)

I don't understand how this solves the issue of bitbucket @Mithun Shrevatsa. Can you provide an example with dummy url data instead of place holders? I have a a url like https:jenkins.myorg.com/bitbucket-hook How do I add the crumb and add it to my bitbucket webhook? – Anion 11/10, 2019 at 19:55

@Mithun shrevatsa . Have tried in above format also, still getting error – Customable 30/11, 2020 at 13:20

Hope this helps: middlewareinventory.com/blog/jenkins-remote-build-trigger-url – Antoine 29/5, 2021 at 11:3

I am using jenkins 2.350, and it worked for me, thanks Mithun. just need to update the following part as it took a while for me to work it out.

Crumb long token can be generated using the below command:

Open the this link in browser; JENKINS_URL:PORT/crumbIssuer/api/xml you will get;

crumb:f5a4de9c398c97d178d2bb4~~~58ee3420a1d5e91ce2a773251a092832ae116c49442007e211bac4d2cd4b07ac968783445cd49411####6cd59d6af3df1d41bf

crumbRequestField: Jenkins-Crumb

Hence your long Crumb would be as:

Jenkins-Crumb: f5a4de9c398c97d178d2bb4~~~58ee3420a1d5e91ce2a773251a092832ae116c49442007e211bac4d2cd4b07ac968783445cd49411####6cd59d6af3df1d41bf

Now add the above Crumb in the following URL at the end.

http://jenkins-username:token-generated-for-loggedin-user@url:port/job/job-name/build?crumb=Jenkins-Crumb:crumb_long_token

Rest just follow as Mithun said, Thanks

Pustulant answered 16/6, 2022 at 10:5 Comment(0)

Recommended topics

Hot tags