
UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet
$ vendor/bin/console scheduler:resume
Code bucket: EN | Store: EN | Environment: demooutlet
Scheduler Name: jenkins
Scheduler Status: ERROR
Client error: `POST http://<URL>:8080/job/EN__check-product-validity/enable` resulted in a `403 Forbidden` response:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 No valid crumb was in (truncated...)

New scheduler 1.1.0 release didn't fix the crumb issue. What should I be looking at? Is there a doc on how to set up Jenkins for this to work?

Comments

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Hi Jan, please check that you have SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED => true in your config.

    $config[SchedulerJenkinsConstants::JENKINS_CONFIGURATION] = [
        SchedulerConfig::SCHEDULER_JENKINS => [
            SchedulerJenkinsConfig::SCHEDULER_JENKINS_BASE_URL => 'http://some.jenkins.url/',
            SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED => true,
        ],
    ];
    
  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    I do have, except I use credentials here

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet
    $config[SchedulerJenkinsConstants::JENKINS_CONFIGURATION] = [
        SchedulerConfig::SCHEDULER_JENKINS => [
            SchedulerJenkinsConfig::SCHEDULER_JENKINS_BASE_URL => 'http://<HOST>:8080/',
            SchedulerJenkinsConfig::SCHEDULER_JENKINS_CREDENTIALS => ['<USER>', '<PWD>'],
            SchedulerJenkinsConfig::SCHEDULER_JENKINS_CSRF_ENABLED => true
        ],
    ];
    
  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    What Crumb Algorithm is in use?
    This one was in use for the developer who was fixing the issue.

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    mine is latest Jenkins ver. 2.222.3 (LTS), is yours latest?

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice
  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet
    edited May 2020

    but that's not what's on your screen, since CSRF disable checkbox has been removed in 2.222

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Well, the screenshot he just made is from his current local setup with default jenkins image that is used in spryker/docker-sdk.

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Feel free to re-open the ticket in case it won't work for you. Unfortunately I can't check myself as I have some stuff in my queue.

  • USZ0X9ZB9
    USZ0X9ZB9 Posts: 13 🧑🏻‍🚀 - Cadet

    I'm experiencing the same issue, seems like there was a change in how the crumb is validated and it will not work without keeping the session after receiving the crumb: https://www.jenkins.io/security/advisory/2019-07-17/#SECURITY-626
    CSRF tokens will now also check the web session ID to confirm they were created in the same session. Once that's invalidated or expired, corresponding CSRF tokens will become invalid as well.

  • USZ0X9ZB9
    USZ0X9ZB9 Posts: 13 🧑🏻‍🚀 - Cadet

    You can either use an API token or disable that security feature like it's explained here: https://www.jenkins.io/doc/upgrade-guide/2.176/#upgrading-to-jenkins-lts-2-176-2
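
A simplified model of the session-bound crumb check quoted from the advisory above, as an added example that is not part of the original thread and is not Jenkins or Spryker code. The mock server, the plain `JSESSIONID` cookie name and the HMAC crumb construction are assumptions for illustration; it shows the same crumb being accepted when the client keeps its session cookie and rejected with 403 when the cookie is dropped between the two requests.

```python
import hashlib, hmac, json, secrets, threading, urllib.error
import urllib.request as ur
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = secrets.token_bytes(16)  # constructed server-side secret
def crumb_for(sid):  # assumed model of a crumb bound to the web session ID
    return hmac.new(SECRET, sid.encode(), hashlib.sha256).hexdigest()

class MockJenkins(BaseHTTPRequestHandler):  # simplified stand-in, not Jenkins code
    def log_message(self, *args): pass       # keep the demo quiet
    def do_GET(self): self.reply(False)      # crumb issuer endpoint
    def do_POST(self): self.reply(True)      # state-changing request
    def reply(self, need_crumb):
        cookie = self.headers.get("Cookie", "")
        sid = cookie.partition("JSESSIONID=")[2] or secrets.token_hex(8)
        sent = self.headers.get("Jenkins-Crumb", "")
        ok = not need_crumb or hmac.compare_digest(sent, crumb_for(sid))
        body = b"" if need_crumb else json.dumps(
            {"crumbRequestField": "Jenkins-Crumb", "crumb": crumb_for(sid)}).encode()
        self.send_response(200 if ok else 403)
        self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/")
        self.end_headers()
        self.wfile.write(body)

def new_client():  # fresh opener = empty cookie jar = no session yet
    return ur.build_opener(ur.ProxyHandler({}), ur.HTTPCookieProcessor())

def enable_job(base, keep_session):
    client = new_client()
    with client.open(base + "/crumbIssuer/api/json") as resp:
        issued = json.load(resp)
    if not keep_session:
        client = new_client()  # session cookie lost between the two calls
    req = ur.Request(base + "/job/EN__check-product-validity/enable", data=b"",
                     headers={issued["crumbRequestField"]: issued["crumb"]})
    try:
        with client.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    srv = HTTPServer(("127.0.0.1", 0), MockJenkins)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    result = enable_job(base, True), enable_job(base, False)
    srv.shutdown()
    return result  # (with session cookie, without session cookie)

if __name__ == "__main__": print(demo())
```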

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Hi Jan, sorry that it takes so much time from our side.
    I'm checking provided fix once again with your input regarding Jenkins credentials.

    So I'm using v2.222.4.
    I created a user.
    I modified config to use user\password like SchedulerJenkinsConfig::SCHEDULER_JENKINS_CREDENTIALS => ['valerii', 'change123'], and everything works in Jenkins.

    Maybe I'm doing something wrong?

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Do I need to disable an access for everyone except my user somewhere?

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet
    1. is CSRF enabled on both jenkins admin and spryker?
    2. is scheduler:setup working ok?
    3. can you clone spryker-shop/suite, do a composer update and check if it still works?
  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Ok, disabled Jenkins for anyone except registered users.
    My settings are as follows.

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    With commented out credentials I get an error.
    With not commented out I get no errors.

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    can you clone spryker-shop/suite, do a composer update and check if it still works?

    Composer update brought only two updates. Afterwards scheduler commands were still working.

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    @UK5DS29L2 Can I somehow help you here? Do I do something wrong? I was checking using docker. Should I check in Vagrant?
    I have no choice but to close the support ticket.

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    @valerii.trots no, I didn't have time to check those yet, sorry. Will do this week and let you know.

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Ok, thanks, will wait for your feedback! 🙂

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    @valerii.trots set up new environment today, same issue.

    APPLICATION_STORE=AT vendor/bin/console scheduler:setup
    Code bucket: AT | Store: AT | Environment: livebrand
    Scheduler Name: jenkins
    Scheduler Status: ERROR
    Client error: `POST http://<URL>:8080/createItem?name=AT__check-product-validity` resulted in a `403 Forbidden` response:
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
    <title>Error 403 No valid crumb was in (truncated...)
    
  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    when credentials are incorrect, I'm getting

    Spryker\Zed\SchedulerJenkins\Business\Api\Exception\InvalidJenkinsConfiguration - Exception: Cannot generate CSRF token. Please check that CSRF protection is enabled on Jenkins server. 
    

    so the above (No valid crumb was in) is only happening when credentials are correct

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    this is on

    "name": "spryker/scheduler",
    "version": "1.1.0",
    
  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    Can we have a call somewhere to check what I'm doing wrong? In this slack it's impossible to share the screen, so I would prefer something like google meet or zoom, or microsoft teams even. 🙂

  • UK5DS29L2
    UK5DS29L2 Posts: 546 🧑🏻‍🚀 - Cadet

    sure, feel free to let me know when it fits you starting tomorrow and I'll book some time for you 🙂

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    My schedule is free tomorrow and the day after tomorrow, so any time that fits you. 🙂

  • Valerii Trots
    Valerii Trots SRE @ Spryker Sprykee Posts: 1,654 ✨ - Novice

    valerii.trots@spryker.com