Jenkins: 403 No valid crumb was included in the request

Balkrishna picture Balkrishna · Jun 23, 2017 · Viewed 118.4k times · Source

I configured jenkins in spinnaker as follows and setup spinnaker pipeline.

 jenkins:
    # If you are integrating Jenkins, set its location here using the baseUrl
    # field and provide the username/password credentials.
    # You must also enable the "igor" service listed separately.
    #
    # If you have multiple jenkins servers, you will need to list
    # them in an igor-local.yml. See jenkins.masters in config/igor.yml.
    #
    # Note that jenkins is not installed with Spinnaker so you must obtain this
    # on your own if you are interested.
    enabled: ${services.igor.enabled:false}
    defaultMaster:
      name: default
      baseUrl: http://server:8080
      username: spinnaker
      password: password

But I am seeing following error when trying to run spinnaker pipeline.

Exception ( Start Jenkins Job ) 403 No valid crumb was included in the request

Answer

Santosh Kumar Arjunan picture Santosh Kumar Arjunan · Feb 18, 2019

Finally, this post helped me to do away with the crumb problem but still securing Jenkins from CSRF attack.

Solution for no-valid crumb included in the request issue

Basically, we need to first request for crumb with authentication and then issue POST api calls with crumb as a header along with authentication again.

This is how I did it,

curl -v -X GET http://jenkins-url:8080/crumbIssuer/api/json --user <username>:<password>

Response was,

{
"_class":"hudson.security.csrf.DefaultCrumbIssuer",
"crumb":"0db38413bd7ec9e98974f5213f7ead8b",
"crumbRequestField":"Jenkins-Crumb"
}

Then the POST api with above crumb information in it.

curl -X POST http://jenkins-url:8080/job/<job-name>/build --user <username>:<password> -H 'Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b'