-
Bug
-
Resolution: Not A Defect
-
Major
-
None
-
Jenkins LTS 1.409.3 with OpenID plugin 1.4
I've configured the OpenID plugin as SSO, attempting to use it with a Google Apps for Business domain, roughly as follows (in config.xml)
+ <securityRealm class="hudson.plugins.openid.OpenIdSsoSecurityRealm">
+ <endpoint>https://www.google.com/accounts/o8/site-xrds?hd=example.com</endpoint>
+ </securityRealm>
When attempting to login, Jenkins correctly re-directs me to the Google Apps page for confirmation, but upon completion, I get a null pointer exception in doFinishLogin.
I can't tell if this is the same as JENKINS-9216.
- is duplicated by
-
-
- Resolved
-
-
-
- Resolved
-
[JENKINS-11746] OpenID plugin gives NPE in OpenId Plugin at OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:159)
German Kondolf
added a comment - I forgot to add the versions...
Jenkins version: 1443
OpenID plugin version: 1.4
German Kondolf
added a comment - I forgot to add the versions...
Jenkins version: 1443
OpenID plugin version: 1.4 
Urban Novak
added a comment - I'm getting similar error with Jenkins 1.465 and openid plugin 1.5-SNAPSHOT (private-05/22/2012 15:53). Problem occurs, when I access jenkins from different url than the one specified in configuration. Let's say, if configured jenkins url is http://jenkins:8080 , then openid SSO works only when I use that url. If I use http://jenkins.mydomain.cz:8080 , openid sso fails with following exception.
java.lang.NullPointerException
at hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:188)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Urban Novak
added a comment - I'm getting similar error with Jenkins 1.465 and openid plugin 1.5-SNAPSHOT (private-05/22/2012 15:53). Problem occurs, when I access jenkins from different url than the one specified in configuration. Let's say, if configured jenkins url is http://jenkins:8080 , then openid SSO works only when I use that url. If I use http://jenkins.mydomain.cz:8080 , openid sso fails with following exception.
java.lang.NullPointerException
at hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:188)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source) 
Tom Clift
added a comment - Still exists in 1.486 (OpenID sign-on from URL other than configured "Jenkins URL" causes NullPointerException). Reproduced using "Google Apps SSO (with OpenID)" auth option.
Tom Clift
added a comment - Still exists in 1.486 (OpenID sign-on from URL other than configured "Jenkins URL" causes NullPointerException). Reproduced using "Google Apps SSO (with OpenID)" auth option. Code changed in jenkins
User: Jesse Glick
Path:
src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
http://jenkins-ci.org/commit/openid-plugin/67c3d2d2109e8b815ede6768fb739389e66d7657
Log:
JENKINS-11746 At least fail with a descriptive error message, reused from 3686396.
This is normally the result of host name mismatch — you access the login page under one host name, then OpenID server redirecting you back to Jenkins on another host name.
As far as the browser is concerned, those two host names are two different sites, not session cookies get sent, and Jenkins fails to find it.
Check your Jenkins URL configuration.
Tom Clift
added a comment - An error message asking to check configuration would be a good addition.
Alternatively, would there be any ill effects to automatically redirect users from a non-canonical URLs to the canonical URL?
E.g. the canonical URL is set to jenkins.example.org, and the user accesses from http://jenkins/ (internally resolvable hostname, trying to authenticate from here will fail), they are automatically redirected to http://jenkins.example.org/ ? If this happened before the user was sent to the OpenID server for authentication, there wouldn't need to be any special handling on the return trip.
Tom Clift
added a comment - An error message asking to check configuration would be a good addition.
Alternatively, would there be any ill effects to automatically redirect users from a non-canonical URLs to the canonical URL?
E.g. the canonical URL is set to jenkins.example.org, and the user accesses from http://jenkins/ (internally resolvable hostname, trying to authenticate from here will fail), they are automatically redirected to http://jenkins.example.org/ ? If this happened before the user was sent to the OpenID server for authentication, there wouldn't need to be any special handling on the return trip. An error message asking to check configuration would be a good addition.
I think 67c3d2d accomplishes just that:
Unable to find an on-going OpenID session. Could it be that you have multiple host names for your Jenkins and you started the authentication in one host name and landed back on another? If so configure the correct Jenkins root URL so that those two host names will be the same
I'm having this same issue with simple Google account (non-apps).
This is the stacktrace:
javax.servlet.ServletException: java.lang.NullPointerException
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:605)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196)
org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
org.kohsuke.stapler.Stapler.service(Stapler.java:159)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
root cause
java.lang.NullPointerException
hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:159)
sun.reflect.GeneratedMethodAccessor1127.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)
org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:104)
org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196)
org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
org.kohsuke.stapler.Stapler.service(Stapler.java:159)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)