Upgrade from 2.204.6 to 2.289.3 failed on CSRF

Due to an unplanned restart of Jenkins v2.204.6, several plugins were upgraded and I have a long list of plugins that were not loaded. This made all pipelines invisible in Jenkins; they cannot be started from outside, but the pipelines are still on the server.
I downloaded the war for v2.289.3 (this is still Java 1.8?) and for the new installation the UI is available, but I cannot log in to manage Jenkins - I always get “HTTP Error 403: No valid crumb was included in the request”.
My user is in Active Directory and I have admin privileges.

I have tried:

  1. I have run both statements on the Jenkins server, using my credentials.
    curl -kv -X GET https://:443/crumbIssuer/api/json --user :
    curl -kX POST https://:443/manage --user : -H 'Jenkins-Crumb: '
    The second did not really succeed; I got Invalid crumb every time. I still could not log in.

  2. java -Dhudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID=true -jar jenkins.war

  3. java -DDhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
    This process took a lot of time, with a lot of errors, so I aborted it. After this I did not have the crumb problem anymore, but got invalid username or password.

  4. Here ("spinnaker - Jenkins: 403 No valid crumb was included in the request - Stack Overflow") I found something regarding tokens, but could not follow these instructions.

  5. I restored the backup from before the Jenkins restart, but as the server went up, Jenkins restarted again. So I am now in the same situation: v2.204.6 and many plugin dependency and downstream dependency errors…

Please help me with an idea, flow, how can I solve this? I believe that the best way is to upgrade Jenkins, but how can I get my pipelines back, how to go to Manage and examine plugins?

Thanks in advance!

The crumb is only needed if you use username:password instead of username:apikey, which is the recommended solution.

I will say that I know for certain that the Active Directory plugin is one of the plugins that is required to be updated in newer versions of Jenkins.

Thank you very much @halkeye , indeed, the AD plugin was the key to these issues.

To my login problem after upgrade to v2.289.3 (where I could not access Manage Jenkins), this was the solution:

Note: config.xml should be saved beforehand and then merged into the new one after restarting Jenkins.

Also, we have used username:APItoken to invoke a pipeline; everything seems to be working now.

Best Regards!

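The two ways of authenticating a scripted POST that this thread discusses, side by side, as an added example that is not part of any post above. With username:password the default crumb issuer ties the crumb to the web session (the behaviour the EXCLUDE_SESSION_ID flag in the question switches off), so the crumb request and the POST must share a cookie jar; with username:APItoken no crumb is sent. `JENKINS_URL`, `JENKINS_USER`, `JENKINS_PASS`, `JENKINS_TOKEN`, the path argument and the sample JSON are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. JENKINS_URL, JENKINS_USER, JENKINS_PASS and JENKINS_TOKEN
# are placeholder environment variables; nothing runs until a function is called.

# Constructed sample of a /crumbIssuer/api/json response (not a real crumb).
SAMPLE_CRUMB_JSON='{"crumb":"0123abcd","crumbRequestField":"Jenkins-Crumb"}'

# Turn the crumbIssuer JSON into a ready-to-send header line.
# Fails (returns 1) if the body is not a crumb response, e.g. an HTML 403 page.
crumb_header() {
  json=$1
  field=$(printf '%s' "$json" |
    sed -n 's/.*"crumbRequestField"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  crumb=$(printf '%s' "$json" |
    sed -n 's/.*"crumb"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
  [ -n "$field" ] && [ -n "$crumb" ] || return 1
  printf '%s: %s' "$field" "$crumb"
}

# Password authentication: fetch the crumb and POST inside the SAME session.
# -c stores the session cookie, -b sends it back; without it the crumb is
# checked against a different session and Jenkins answers 403.
post_with_password() {
  path=$1
  jar=$(mktemp) || return 1
  json=$(curl -sS -c "$jar" --user "$JENKINS_USER:$JENKINS_PASS" \
    "$JENKINS_URL/crumbIssuer/api/json") || { rm -f "$jar"; return 1; }
  header=$(crumb_header "$json") || { rm -f "$jar"; return 1; }
  curl -sS -b "$jar" --user "$JENKINS_USER:$JENKINS_PASS" \
    -H "$header" -X POST "$JENKINS_URL/$path"
  rc=$?
  rm -f "$jar"   # the jar holds a live session cookie; do not leave it behind
  return $rc
}

# API token authentication: no crumb request and no cookie jar needed.
post_with_token() {
  path=$1
  curl -sS --user "$JENKINS_USER:$JENKINS_TOKEN" -X POST "$JENKINS_URL/$path"
}
```

Both functions take the path to POST to (for example a job's build path) as their only argument; add `-k` only if the server certificate cannot be validated, as in the question.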

Hi,

I’m getting the same error when I click the Save and Apply buttons after making changes under Manage and Assign Roles —> Assign Roles, such as giving a user access to a project. When I click Save and Apply I always get “HTTP Error 403: No valid crumb was included in the request”, and I have admin access as well.

Please let me know what the cause of this error was and how to fix it. I have been trying all the options but couldn’t solve this error. It’s blocking me and it’s a priority.

Hi,
Please reply to this and provide the solution.

Good Morning @degasuresh,
I am the person who asked the above question and I can only tell you about my case, which, I see, is different from your case, as you apparently can work normally in every other aspect, just not save Roles.
It helped me to upgrade the Active Directory plugin; maybe you will also need to upgrade Role-based Authorization Strategy, or some other related plugin?
Also, it can help not to log in to Jenkins with admin_username and password, but with admin_username and TOKEN.

This ticket was closed 8 months ago; if you would like an expert answer from the Jenkins community, I assume it is better to open a new ticket, giving a link to this one.

I wish you good luck in resolving your issue.


Welcome back Maria, and thanks for your feedback. :+1:
