How to generate an API Token when Jenkins is configured with SAML authentication


We are running the Jenkins with the SAML authentication. Now, we are trying to extract build user info from Jenkins buildURL xmi path by authenticating with the jenkins server. I created api token using my user and now using it for every build to communicate with buildURL job.

Is there any way, we can create a common api credential to authenticate with Jenkins. Or any another method to authenticate with the jenkins api instead of using personal api token.


not really, each auth plugin creates and manages users on their own, and afaik saml doesn’t provide a way to create a local user. Some have had luck switching to local auth, creating a user, then switching back

You could make a custom plugin (there are a few plugins already that extract some of the build cause info into env variables) or a shared library function that calls User (Jenkins core 2.336 API). and returns whatever info you need.

Thanks @halkeye for your reply.
Yeah, I thought about the switching but didn’t find any admin user. So, I’m not sure how to login if SAML is not there and don’t want to test the luck on it. :slight_smile:

I tried some available plugin like “build user vars” but the plugin not able to capture the user email address when build is trigger by SCM webhook. So, still need to get build user info from the Jenkins buildurl api.

I will have a look around further if able to do some work around.

those seem mutually exclusive. if its triggered by scm, then the “user” is scm. if its triggered by a user, then its a user.

Do you mean you want the email of the last scm commit? you can do something like script { email = sh(script: "git show -s --format='%ae' HEAD", returnStdout: true).trim() }

Yes right, I’m using this plugin “” which is using the calls Class User which you mentioned but when the user is SCM, it’s not able to get the details as trigger by SCM instead of Jenkins User.

Currently, I’m using the api token to get the xml data from Jenkins buildURL path and trim to extract the user info (name & email) to send some like vuln/failed when build is trigger by SCM. Each commit is trigger the build and get the details from the commitID which is available in Jenkins buildURL xml/json path .

Not sure, is there any better way to extract the SCM details rather than hitting the jenkins api.

If I am understanding this correctly, you are trying to read cause data for builds from outside Jenkins. This is exactly what API tokens are designed to do, however an alternative is to PUSH the data into some sort of a database and then query it there