Cannot restore Jenkins security after disabling it in config.xml

Question

Yesterday, I locked myself out of jenkins while trying to configure ldap authentication, so I followed the instructions in the wiki and disabled security in the config.xml file via ssh. Now I want to get back to the normal jenkins security, but the possibility is not given under "Configure Jenkins" anymore. So I'm looking for a possibility to restore normal security through the config.xml.

Here is the relevant part of the current config.xml file:

<hudson>
  <disabledAdministrativeMonitors/>
  <version>1.477</version>
  <numExecutors>3</numExecutors>
  <mode>NORMAL</mode>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
  ...
</hudson>

Has anyone an idea or maybe a valid part of a config.xml?

Answer 1

    <hudson>
      <disabledAdministrativeMonitors/>
      <version>2.130</version>
      <numExecutors>2</numExecutors>
      <mode>NORMAL</mode>
      <useSecurity>true</useSecurity>
      <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
        <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
      </authorizationStrategy>
      <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
        <disableSignup>true</disableSignup>
        <enableCaptcha>false</enableCaptcha>
      </securityRealm>
      ...
    </hudson>

I think you are looking for this as i am able to revert it back to my default config.xml remember always make a backup of config before modifying it. just update those two tags authorizationStrategy & securityRealm and your are good to go. And for further reference check out jenkins_xml_reference

Answer 2

Adding/replacing these three settings to config (~/jenkins_home/config.xml) did the trick (i.e. restored login page after it was gone for good when I changed the <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> and later restoring it to true did not restore status quo as expected):

      <useSecurity>true</useSecurity>
      <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
        <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
      </authorizationStrategy>

Side note: the lock-out happened in my case when I switched from BasicAuth to OAuth forgetting to add a new user to the internal users database managed by Jenkins (that would match the Github username:)

Answer 3

Even I faced the same issue but later I could figure it out the issue.

we need to remove / at the end of the below line.

<securityRealm class="hudson.security.SecurityRealm$None"/>

it should be <securityRealm class="hudson.security.SecurityRealm$None">

This has worked for me.

Answer 4

you missed to set the following:

<useSecurity>false</useSecurity>

Answer 5

Don't forget to remove authorizationStrategy and securityRealm as per point #6:

https://wiki.jenkins-ci.org/display/JENKINS/Disable+security

Answer 6

<useSecurity>true</useSecurity>

Just change it to False. Then you can access the Jenkins Config from the very beginning.