It looks security feature included in *2.263.1(LTS) version,**and that required authentication even for tomcat.*
1) Under Configure Global security --> CSRF Protection -->Enable proxy compatibility( Tick marked Enabled). 2) hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION = true 3) Installed the Strict Crumb Issuer plugin. Enabled this plugin and uncheck Check the session ID from its configuration (Under Jenkins Configure Global Security). 4) Restated the Jenkins. Have tried above workaround, however it didn't help. Any other pointer to solve this would be helpful. On Fri, 19 Feb 2021, 11:18 am Mark Waite, <[email protected]> wrote: > You may need to investigate the settings on your tomcat server. I would > guess that it is somehow disrupting the flow of the crumb from Jenkins to > the browser or from the browser to Jenkins. I don't run Jenkins in tomcat, > so I have no experience with diagnosing issues in tomcat. > > On Thu, Feb 18, 2021 at 10:35 PM Mk <[email protected]> wrote: > >> Thanks Mark. I have uninstalled the *MultiSCM plugin* and restarted the >> service. However still i am experiencing the same problem*. (**Manage >> Jenkins* --> *Configure Systems* section post any modification if i >> click save button it fails). Now from systems log i can below above >> errors disappeared. >> >> Feb 19, 2021 10:56:05 AM WARNING hudson.security.csrf.CrumbFilter doFilter >> No valid crumb was included in request for /jenkins/configSubmit by >> vasanth.guru. Returning 403. >> >> On Friday, February 19, 2021 at 10:31:23 AM UTC+5:30 Mark Waite wrote: >> >>> That null pointer exception seems likely to have been caused by one of >>> the plugins that was updated. Since it is mentioning LibraryConfiguration, >>> SCMRetriever, and MultiSCM, you might first look at the >>> workflow-cps-global-lib and the multiple-scms plugin to see if either of >>> them were recently upgraded. >>> >>> The MultipleSCMs plugin has been deprecated. Jenkins Pipeline is the >>> better way to implement multiple SCM support from within a single job. >>> >>> Mark Waite >>> >>> On Thu, Feb 18, 2021 at 9:47 PM Mk <[email protected]> wrote: >>> >>>> >>>> Hello Jenkins Community team, >>>> >>>> I am using *Jenkins - 2.263.1(LTS)* deployed through tomcat. >>>> >>>> I have upgraded few of the plugins yesterday since then i am facing >>>> following issue whenever i modify any settings under *Manage Jenkins* >>>> --> *Configure Systems* section if i click save button. it takes few >>>> mins and throws the below error. >>>> >>>> HTTP Status 403 – Forbidden >>>> Type Status Report >>>> Message No valid crumb was included in the request >>>> Description The server understood the request but refuses to authorize >>>> it. >>>> Apache Tomcat/9.0.30 >>>> >>>> From jenkins systems log below message shown. >>>> >>>> Feb 18, 2021 7:52:13 AM WARNING >>>> hudson.ExpressionFactory2$JexlExpression evaluate >>>> >>>> Caught exception evaluating: h.filterDescriptors(it,attrs.descriptors) >>>> in /jenkins/configure. Reason: java.lang.NullPointerException: Descriptor >>>> list is null for context 'class hudson.model.Hudson' in thread 'Handling >>>> GET /jenkins/configure from 206.25.26.27 : http-nio-8080-exec-2 >>>> Jenkins/configure.jelly GlobalLibraries/config.jelly >>>> LibraryConfiguration/config.jelly SCMRetriever/DescriptorImpl/config.jelly >>>> MultiSCM/DescriptorImpl/config.jelly' >>>> java.lang.NullPointerException: Descriptor list is null for context >>>> 'class hudson.model.Hudson' in thread 'Handling GET /jenkins/configure from >>>> 206.25.26.27 : http-nio-8080-exec-2 Jenkins/configure.jelly >>>> GlobalLibraries/config.jelly LibraryConfiguration/config.jelly >>>> SCMRetriever/DescriptorImpl/config.jelly >>>> MultiSCM/DescriptorImpl/config.jelly' >>>> at >>>> hudson.model.DescriptorVisibilityFilter.apply(DescriptorVisibilityFilter.java:73) >>>> at hudson.Functions.filterDescriptors(Functions.java:2122) >>>> at sun.reflect.GeneratedMethodAccessor308.invoke(Unknown Source) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:498) >>>> >>>> Under *Configure Global security --> CSRF Protection -->Enable proxy >>>> compatibility*(Enabled). Still same problem persists. Therefore please >>>> help me to solve this issue. >>>> >>>> Thanks in advance. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Jenkins Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com >>>> <https://groups.google.com/d/msgid/jenkinsci-users/5813788e-3157-45f5-b2d4-f906b3ce8228n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/3f23087f-d1cd-4fbb-9a6b-30d4bf96dafbn%40googlegroups.com >> <https://groups.google.com/d/msgid/jenkinsci-users/3f23087f-d1cd-4fbb-9a6b-30d4bf96dafbn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-users/AXmM72EnnaU/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGYgfHx6S5V2VseOCe0rkSLE4Nj1fCJSAmSwgcq4vqQ9w%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtGYgfHx6S5V2VseOCe0rkSLE4Nj1fCJSAmSwgcq4vqQ9w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CA%2B4Hw5aaB3qdFW7hkzoRmbm%3DyoMVaC0uMEWPM%3DEBCt2x0SMdog%40mail.gmail.com.
