Service(s)

Artifactory

Summary

We recently (past 2 weeks) had a lot of contribuotr users failing to release their plugin due to an authentication problem in Artifactory (repo.jenkins-ci.org): HTTP/401 answered.

• All accounts are valid LDAP accounts (all users have successfully logged-in on accounts.jenkins.io and/or issues.jenkins.io as a technical proof)
• The HTTP/401 happens when logging-in in the Artifactory UI, when using the Artifactory API and also when releasing manually a plugin (with the LDAP credentials set up in the Maven's settings.xml).
  • No HTTP/401 happens when using the "CD" process from JEP-299 as it uses short-lived access tokens

The solution is to update user configuration in Artifactory itself (a "proxy" user is created inside Artifactory database when a LDAP account logs in the first time) by setting the boolean attribute "Disable Internal Password" to true to force Artifactory considering only the LDAP system for password instead of checking the "proxy" user local password (??) as described by #3680 (comment).

The following cases where treated with this problem:

• Cannot log into JFrog Artifactory anymore #3680
• 401 from repo.jenkins-ci.org #3685
• unable to auth to artifactory (via UI) #3691
• 401 Unauthorized on repo.jenkins-ci.org #3693
• Cannot log into JFrog Artifactory #3698
• Cannot log into JFrog Artifactory anymore #3699
• https://groups.google.com/g/jenkinsci-dev/c/NTLxzpTi0IQ
• https://groups.google.com/g/jenkinsci-dev/c/gQ67mJrXwis

This issue is to track the actions required to fix all users:

• Contacting JFrog about this behavior to have their recommendation and diagnostic
• And/or doing a batch script using the Artifactory API to force this attribute to true to all users
• And finding a solution to force this setting to "true" (otherwise we'll keep having it over time)

Reproduction steps

No response