7

Update:

I succesfuly sent a post request from curl to trigger jenkins job:

curl -I -X POST http://jenkinsAccountUserName:jenkinsAccountPassword@JenkinsIp:8080/job/projecty_ci/build -H "Jenkins-Crumb:a4fb99fbdb252fda3cc69ee575bedabc"

I don't understand how to convert this to a url: Problem accessing /job/projecty_ci/build. Reason: No valid crumb was included in the request.

http://jenkinsAccountUserName:jenkinsAccountPassword@JenkinsIp:8080/job/projecty_ci/build?Jenkins-Crumb:a4fb99fbdb252fda3cc69ee575bedabc

this works fine from chrome but not from bitbucket webhooks.

What is the problem?

I created a job in jenkins which I can successfuly trigger by url.

When I'm triggering the same job from bitbucket's webhook, I get the error: Problem accessing /job/projecty_ci/build. Reason: No valid crumb was included in the request.

enter image description here

enter image description here

Stav Alfi
  • 13,139
  • 23
  • 99
  • 171

6 Answers6

5

Try to generate a CSRF token for use in your in your API requests.

  • GOTO: Jenkins > Manage Jenkins > Configure Global Security and enable Prevent Cross Site Request Forgery exploits.
  • Select Default Crumb Issuer from Crumb Algorithm and save to apply changes and enable.

Remote access API

You can get the crumb by calling the jenkins api and using it in your URL.

For curl/wget you can obtain the header needed in the request from the URL JENKINS_URL/crumbIssuer/api/xml (or .../api/json). Something like this:

wget -q --auth-no-challenge --user USERNAME --password PASSWORD --output-document - \
'JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'

This will print something like ".crumb:1234abcd", which you should add to the subsequent request.

Administer a Build

NOTE: To prevent CSRF, Jenkins require POST requests to include a crumb, which is specific to each user. The command to obtain the crumb is:

SERVER=http://localhost:8080
    CRUMB=$(curl --user $USER:$APITOKEN \
        $SERVER/crumbIssuer/api/xml?xpath=concat\(//crumbRequestField,%22:%22,//crumb\))

Start a build

$ curl -H ".crumb:<crumb_string>" -X POST http://<jenkins_url>/job/<job_name>/build --user <user_name>:<api_token>
SoftwareCarpenter
  • 3,835
  • 3
  • 25
  • 37
0

I may not be directly solving your issue here but wanted to share that we have managed to trigger a Jenkins job successfully by following the instructions on https://support.cloudbees.com/hc/en-us/articles/226568007-How-to-Trigger-Non-Multibranch-Jobs-from-BitBucket-Server-

The plugin that we use on BitBucket server is https://marketplace.atlassian.com/plugins/com.nerdwin15.stash-stash-webhook-jenkins/server/overview

Amit
  • 1,006
  • 1
  • 7
  • 13
  • Thanks for the quick answer but I can't use any plugings inside bitbucket. So must implement the communicating by my self. – Stav Alfi Dec 09 '17 at 14:31
0

I am a bit late here, I was facing the same problem and I configured the webhook URL like this below to work for me:

http://jenkins-username:jenkins-password@jenkins-url:5555/job/job-name/build?crumb=crumb_token.

Ref Question: How to pass crumb info via bitbucket-hook to jenkins?

Hope it helps!

Mithun Shreevatsa
  • 3,588
  • 9
  • 50
  • 95
  • Is this still working ? I'm not able to perform a webhook without having a "403 No valid crumb was included in the request". I'm with Jenkins 2.235. 5and BitBucket v5.13.1. – fmdaboville Sep 09 '20 at 15:17
  • Have tried . still getting same error "403 No valid crumb was included in the request". – krishna Nov 30 '20 at 13:09
0

With my Jenkins version 2.365 , and with the help of previous answers, I have created the request as follow, and it worked fine.

The URL you put in Bitbucket web hook URL field will be as follow:

http://<jenkins-user>:API_TOKEN@<jenkins-url>:<jenkins-port>/job/<jenkins-job-id>/build

Generate API token from Jenkins

  • In Jenkins click on the user name upper right -> Configure

  • Go to API Token section and generate API_TOKEN as shown below enter image description here

  • Copy this key, you need to use it in the request (replace in API_TOKEN field above)

user1314742
  • 2,865
  • 3
  • 28
  • 34
0

I found this error differently.

Scenario:

I have bitbucket repo which actually trigger jenkins pipeline in case of push, pull, Pull request creation and Pull Request merge.

Solution First step i created Personal Access Token in Jenkins Configure -> API Token (Create New API Token)

Now goto Bitbucket Repository

Repository Settings -> Webhooks -> Repository hooks (Create a new Hook)

In the Hook we need to pass Jenkins Personal Access Token and along with Username

Below is the sample URL.

http://JenkinsUser:JenkinsPersonalAccessToken@Jenkins.localhost.com:8080/job/dockerapi-pipeline/build?token=PipelineToken

Mansur Ul Hasan
  • 2,898
  • 27
  • 24
0

You can disable CSRF and use an API token instead for authentication.

  1. Go to /manage/script and run

hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true

  1. Generate an API token by

Manage Jenkins > Manage Users > Add new token

  1. Bitbucket webhook URL should look like this

https://admin:{your-newly-generated-jenkins-token}@{your jenkin server ip address}/job/{jenkins_job_id}/build/

*Don't forget to add the forward slash at the end of the URL

kta
  • 19,412
  • 7
  • 65
  • 47