Retrieving user API token in JOC environment with SSO enabled

Issue

The user used to have an environment with just a controller, and getting the user API token was done with a simple query to the controller. After adding JOC with SSO, it is no longer possible to query the controller directly with just username:password to retrieve the API token.

The ability to retrieve the API token is useful for applications that have no knowledge of how Jenkins works, and just want to provide their credentials(username:password) to execute a command.

Environment

CloudBees Jenkins Enterprise - Operations Center (CJE-OC)
CloudBees Jenkins Enterprise - Managed controller (CJE-MM)
CloudBees Jenkins Platform - Operations Center (CJP-OC)
CloudBees Jenkins Platform - Client controller (CJP-CM)

Resolution

The JOC needs to be queried directly to retrieve the API token. This token will be usable across all connected client controllers. An example can be found below.

curl -u '<user>:<password>' 'http(s)://<joc-host>:<port>/user/<user>/configure' | grep apiToken
curl -u '<user>:<apiToken>' 'http(s)://<jenkins-controller-host>:<port>/<job-trigger-path>'