CODEWITHSUNDEEP
jenkinsjenkins-pipelinehttprequestsaml-2.0
Girish
Girish

Reputation: 201

SAML Authentication accessing Blackduck REST API in Jenkins

I am trying to call Blackduck REST API from Jenkins Declarative pipeline As the blackduck is first authenticated using SAML from login.microsoftonline.com and then submits the request and provides response. If browser is used to access https://blackduckxxx.com/api/projects?q=name:myproject, it asks first login to my SSO (user name and password) and then redirects to display the API results. API token is also used here.

If I try access the same API from Jenkins pipeline, I get below response

   <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
    <head>
        </head>
    <body onload="document.forms[0].submit()">
        <noscript>
            <p>
                <strong>Note:</strong> Since your browser does not support JavaScript,
                you must press the Continue button once to proceed.
            </p>
        </noscript>

        <form action="https&#x3a;&#x2f;&#x2f;login.microsoftonline.com&#x2f;222fcaf7-15d0-455f-97e1-8fda2eaad539&#x2f;saml2" method="post">
            <div>

                <input type="hidden" name="SAMLRequest" value=".............."/>                

            </div>
            <noscript>
                <div>
                    <input type="submit" value="Continue"/>
                </div>
            </noscript>
        </form>
            </body>
</html>

Tried to pass username and password in the url such as 

    https://blackduckxxx.com/api/projects?q=name:myprojects&user=me&password=mypwd

However it did not work.

```` Jenkins pipeline

    stage("OC login"){
            steps{
                script{
                def bdUrl = 'https://blackduckxxx.com'
                def bdApi = '/api/projects' 
                def params = 'name:myproject'
                def bdUrlRequestProjectID = bdUrl + bdApi + "?q=" + params
                 println("bdUrlRequestProjectID is ${bdUrlRequestProjectID}")

                def response = httpRequest authentication: 'login-microsoft', acceptType: 'APPLICATION_JSON',httpMode: 'GET',consoleLogResponseBody: true, url: "${bdUrlRequestProjectID}", customHeaders: [[name: 'X-CSRF-TOKEN', value: 'xxxxxx']] 



                }
            }

        }
    }
    }

Expected result is to fetch the project name standard response from Blackduck API

Upvotes: 0

Views: 1507

Answers (1)

Girish
Girish

Reputation: 201

This is resolved by using bearer token and curl commandRefer below

 def bearerToken
        script.withCredentials([script.usernamePassword(credentialsId: "blackDuckAuthentication", usernameVariable: 'username', passwordVariable: 'bdToken')]) {
            def json_BearerToken = script.sh(script: "curl -s -X POST -H 'Authorization: token ${script.bdToken}' -H 'cache-control: no-cache' 'https://blackduckxxx.com/api/tokens/authenticate'", returnStdout: true)
            bearerToken = new JsonSlurperClassic().parseText(json_BearerToken).get("bearerToken").trim()
 def json_Projects = script.sh(script: "curl -X GET -H 'Accept: application/json' -H 'Authorization: Bearer ${bearerToken}' 'https://blackduckxxx.com/api/projects'", returnStdout: true)

Upvotes: 2

Related Questions