Jenkins Slave using JNLP requires security prompt


The solution to this problem is to use the Deployment Rule Set. The main difficulty is to create and store certificates at the right place.

This is a step-by-step guide to solving the problem described above:

  1. Install Java SDK (v7)

  2. Generate a self-signed CA certificate, valid for 50 years:

    "C:\Program Files\Java\jre7\bin\keytool.exe" -genkeypair -alias selfsigned -keyalg RSA -keypass changeit -keystore identity.jks -storepass changeit -startdate "2000/01/01 00:00:00" -validity 18262 -keysize 2048
  3. To extract the certificate from the keystore, use this command:

    "C:\Program Files\Java\jre7\bin\keytool.exe" -exportcert -alias selfsigned -file Our_CA.cer -keystore identity.jks -storepass changeit
  4. Create ruleset.xml as an ANSI file (e.g. with Notepad++):

    <ruleset version="1.0+">
      <rule>
        <id location="http://url.to.web.server" />
        <action permission="run" />
      </rule>
      <rule>
        <id />
        <!-- The last rule is the default policy and the id should be blank. -->
        <action permission="default" />
      </rule>
    </ruleset>

  5. Convert ruleset.xml to jar file:

    "C:\Program Files\Java\jdk1.7.0_67\bin\jar.exe" -cvf DeploymentRuleSet.jar ruleset.xml
  6. Sign the jar DeploymentRuleSet.jar:

    "C:\Program Files\Java\jdk1.7.0_67\bin\jarsigner.exe" -keystore "identity.jks" -signedjar "DeploymentRuleSet.jar" DeploymentRuleSet.jar selfsigned

    Verify the jar:

    "C:\Program Files\Java\jdk1.7.0_67\bin\jarsigner.exe" -verify -keystore "identity.jks" -verbose -certs DeploymentRuleSet.jar

Switch to the PC where the JNLP app should be launched:

  1. Copy signed DeploymentRuleSet.jar to C:\Windows\Sun\Java\Deployment

    The folder has to be created on Win7/32.

  2. Clean up C:\Users\<user name>\AppData\LocalLow\Sun and C:\Jenkins-Slave\

    Delete the whole folder C:\Users\<user name>\AppData\LocalLow\Sun (and Oracle).

    Delete all files in C:\Jenkins-Slave\ except the batch StartJenkinsSlave.

  3. Launch Configure Java and switch to the Security tab

    Check for the link named "View the active Deployment Rule Set". The link must show the content of ruleset.xml.

  4. Import self signed certificate as Trusted Certificate and Signer CA

    On the Security tab, start Manage Certificates and import the previously exported cert file Our_CA.cer twice: once as Trusted Certificate and once as Signer CA.

    Manage Certificates -> Certificate Type: Trusted Certificate/Geschützte Zertifikate, Import AND Certificate Type: Signer CA/Signaturgeber CA, Import
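
A check that can be run on DeploymentRuleSet.jar before it is copied to C:\Windows\Sun\Java\Deployment, added here as an example and not part of the original guide. It confirms that ruleset.xml sits at the jar root and that signature files are present, then flags rules that suppress prompts more broadly than intended. The names `make_jar` and `audit_ruleset_jar` are hypothetical, and the sample jar is constructed in memory with placeholder signature entries.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# ruleset.xml from step 4; the URL is the page's own placeholder
PAGE_RULESET = """<ruleset version="1.0+">
  <rule><id location="http://url.to.web.server" /><action permission="run" /></rule>
  <rule><id /><action permission="default" /></rule>
</ruleset>"""

def make_jar(ruleset_xml, signed=True):
    """Constructed sample jar; its signature entries are empty placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("ruleset.xml", ruleset_xml)
        for ext in (".SF", ".RSA") if signed else ():
            jar.writestr("META-INF/SELFSIGN" + ext, "")
    return buf.getvalue()

def audit_ruleset_jar(jar_bytes):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        if "ruleset.xml" not in names:
            return ["ruleset.xml is not at the root of the jar"]
        # Presence check only; "jarsigner -verify" (step 6) validates the signature
        exts = {n.upper().rsplit(".", 1)[-1] for n in names
                if n.upper().startswith("META-INF/")}
        if "SF" not in exts or not exts & {"RSA", "DSA", "EC"}:
            findings.append("jar has no signature files")
        rules = ET.fromstring(jar.read("ruleset.xml")).findall("rule")
    for pos, rule in enumerate(rules, start=1):
        rid, action = rule.find("id"), rule.find("action")
        if rid is None or action is None:
            findings.append(f"rule {pos}: missing <id> or <action>")
            continue
        perm = action.get("permission")
        blank = not rid.attrib and len(rid) == 0  # such an id matches everything
        if blank and perm == "run":
            findings.append(f"rule {pos}: blank id with 'run' allows everything")
        if blank != (pos == len(rules)):
            findings.append(f"rule {pos}: blank id belongs on the last rule only")
        if perm == "run" and rid.get("location", "").lower().startswith("http://"):
            findings.append(f"rule {pos}: 'run' for a plain-http location")
    return findings

if __name__ == "__main__":
    print(audit_ruleset_jar(make_jar(PAGE_RULESET)))
```

For a jar on disk, pass `open("DeploymentRuleSet.jar", "rb").read()` to `audit_ruleset_jar`. The plain-http finding on the page's ruleset is there because a `run` rule matched only by an unauthenticated URL trusts whatever is served from that address.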