Anonymous access to CJOC and the Client controllers

Article ID:204307704
1 minute readKnowledge base


  • You have configured your CloudBees Jenkins Operations Center (CJOC) with Client controller security as "SSO (security realm an authorization strategy)" and authentication mapping as "Trusted controller with equivalent security realm".

  • Anonymous role has given the following permissions:

Overall/Read Job/Read Job/Discover Job/Workspace View/Read

While authenticated access works fine, what you would like to achieve is that anonymous (non-authenticated) browsing is allowed. However, "curling" root URL of a controller gives the following:

Authentication required

You are authenticated as: anonymous
Groups that you are in:

Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by:


With the security settings you have any changes you made in the root context of a client controller will be void since it’s read only at that level.

The filter is most likely set on the client controller in CJOC. You can change the roles and filters for the client controller in CJOC by opening the context menu for the client controller in the list view and select Roles. From there you should be able to remove the filter on anonymous. If it isn’t there the filter might be set on one of the parent folders.