Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11746

OpenID plugin gives NPE in OpenId Plugin at OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:159)

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Not A Defect
    • openid-plugin
    • None
    • Jenkins LTS 1.409.3 with OpenID plugin 1.4

    Description

      I've configured the OpenID plugin as SSO, attempting to use it with a Google Apps for Business domain, roughly as follows (in config.xml)

      + <securityRealm class="hudson.plugins.openid.OpenIdSsoSecurityRealm">
      + <endpoint>https://www.google.com/accounts/o8/site-xrds?hd=example.com</endpoint>
      + </securityRealm>

      When attempting to login, Jenkins correctly re-directs me to the Google Apps page for confirmation, but upon completion, I get a null pointer exception in doFinishLogin.

      I can't tell if this is the same as JENKINS-9216.

      Attachments

        Issue Links

          Activity

            I'm having this same issue with simple Google account (non-apps).

            This is the stacktrace:

            javax.servlet.ServletException: java.lang.NullPointerException
            org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:605)
            org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
            org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196)
            org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
            org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
            org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
            org.kohsuke.stapler.Stapler.service(Stapler.java:159)
            javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
            hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
            hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
            hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
            hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
            hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
            hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
            hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
            hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
            root cause

            java.lang.NullPointerException
            hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:159)
            sun.reflect.GeneratedMethodAccessor1127.invoke(Unknown Source)
            sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            java.lang.reflect.Method.invoke(Method.java:597)
            org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282)
            org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149)
            org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88)
            org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:104)
            org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
            org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
            org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196)
            org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563)
            org.kohsuke.stapler.Stapler.invoke(Stapler.java:648)
            org.kohsuke.stapler.Stapler.invoke(Stapler.java:477)
            org.kohsuke.stapler.Stapler.service(Stapler.java:159)
            javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
            hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74)
            hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
            hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
            hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
            hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
            hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
            hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
            hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
            hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)

            germanklf German Kondolf added a comment - I'm having this same issue with simple Google account (non-apps). This is the stacktrace: javax.servlet.ServletException: java.lang.NullPointerException org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:605) org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196) org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) org.kohsuke.stapler.Stapler.invoke(Stapler.java:477) org.kohsuke.stapler.Stapler.service(Stapler.java:159) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95) hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74) hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98) hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87) hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) root cause java.lang.NullPointerException hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:159) sun.reflect.GeneratedMethodAccessor1127.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:597) org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:282) org.kohsuke.stapler.Function.bindAndInvoke(Function.java:149) org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:88) org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:104) org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:196) org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:563) org.kohsuke.stapler.Stapler.invoke(Stapler.java:648) org.kohsuke.stapler.Stapler.invoke(Stapler.java:477) org.kohsuke.stapler.Stapler.service(Stapler.java:159) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95) hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:74) hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98) hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87) hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:61) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)

            I forgot to add the versions...

            Jenkins version: 1443
            OpenID plugin version: 1.4

            germanklf German Kondolf added a comment - I forgot to add the versions... Jenkins version: 1443 OpenID plugin version: 1.4
            urban_novak Urban Novak added a comment -

            I'm getting similar error with Jenkins 1.465 and openid plugin 1.5-SNAPSHOT (private-05/22/2012 15:53). Problem occurs, when I access jenkins from different url than the one specified in configuration. Let's say, if configured jenkins url is http://jenkins:8080 , then openid SSO works only when I use that url. If I use http://jenkins.mydomain.cz:8080 , openid sso fails with following exception.

            java.lang.NullPointerException
            at hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:188)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
            at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
            at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
            at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
            at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
            at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
            at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
            at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574)
            at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659)
            at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488)
            at org.kohsuke.stapler.Stapler.service(Stapler.java:162)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
            at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
            at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
            at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
            at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
            at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
            at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
            at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
            at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
            at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
            at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
            at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
            at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
            at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
            at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
            at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
            at java.util.concurrent.FutureTask.run(Unknown Source)
            at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)

            urban_novak Urban Novak added a comment - I'm getting similar error with Jenkins 1.465 and openid plugin 1.5-SNAPSHOT (private-05/22/2012 15:53). Problem occurs, when I access jenkins from different url than the one specified in configuration. Let's say, if configured jenkins url is http://jenkins:8080 , then openid SSO works only when I use that url. If I use http://jenkins.mydomain.cz:8080 , openid sso fails with following exception. java.lang.NullPointerException at hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:188) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:574) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:659) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:488) at org.kohsuke.stapler.Stapler.service(Stapler.java:162) at javax.servlet.http.HttpServlet.service(HttpServlet.java:45) at winstone.ServletConfiguration.execute(ServletConfiguration.java:248) at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:166) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at winstone.FilterConfiguration.execute(FilterConfiguration.java:194) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366) at winstone.RequestDispatcher.forward(RequestDispatcher.java:331) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
            jglick Jesse Glick added a comment -

            Possibly fixed by 91beef6?

            jglick Jesse Glick added a comment - Possibly fixed by 91beef6 ?
            tomclift Tom Clift added a comment -

            Still exists in 1.486 (OpenID sign-on from URL other than configured "Jenkins URL" causes NullPointerException). Reproduced using "Google Apps SSO (with OpenID)" auth option.

            tomclift Tom Clift added a comment - Still exists in 1.486 (OpenID sign-on from URL other than configured "Jenkins URL" causes NullPointerException). Reproduced using "Google Apps SSO (with OpenID)" auth option.

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
            http://jenkins-ci.org/commit/openid-plugin/67c3d2d2109e8b815ede6768fb739389e66d7657
            Log:
            JENKINS-11746 At least fail with a descriptive error message, reused from 3686396.

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java http://jenkins-ci.org/commit/openid-plugin/67c3d2d2109e8b815ede6768fb739389e66d7657 Log: JENKINS-11746 At least fail with a descriptive error message, reused from 3686396.

            This is normally the result of host name mismatch — you access the login page under one host name, then OpenID server redirecting you back to Jenkins on another host name.

            As far as the browser is concerned, those two host names are two different sites, not session cookies get sent, and Jenkins fails to find it.

            Check your Jenkins URL configuration.

            kohsuke Kohsuke Kawaguchi added a comment - This is normally the result of host name mismatch — you access the login page under one host name, then OpenID server redirecting you back to Jenkins on another host name. As far as the browser is concerned, those two host names are two different sites, not session cookies get sent, and Jenkins fails to find it. Check your Jenkins URL configuration.
            tomclift Tom Clift added a comment -

            An error message asking to check configuration would be a good addition.

            Alternatively, would there be any ill effects to automatically redirect users from a non-canonical URLs to the canonical URL?

            E.g. the canonical URL is set to jenkins.example.org, and the user accesses from http://jenkins/ (internally resolvable hostname, trying to authenticate from here will fail), they are automatically redirected to http://jenkins.example.org/ ? If this happened before the user was sent to the OpenID server for authentication, there wouldn't need to be any special handling on the return trip.

            tomclift Tom Clift added a comment - An error message asking to check configuration would be a good addition. Alternatively, would there be any ill effects to automatically redirect users from a non-canonical URLs to the canonical URL? E.g. the canonical URL is set to jenkins.example.org, and the user accesses from http://jenkins/ (internally resolvable hostname, trying to authenticate from here will fail), they are automatically redirected to http://jenkins.example.org/ ? If this happened before the user was sent to the OpenID server for authentication, there wouldn't need to be any special handling on the return trip.
            jglick Jesse Glick added a comment -

            An error message asking to check configuration would be a good addition.

            I think 67c3d2d accomplishes just that:

            Unable to find an on-going OpenID session. Could it be that you have multiple host names for your Jenkins and you started the authentication in one host name and landed back on another? If so configure the correct Jenkins root URL so that those two host names will be the same

            jglick Jesse Glick added a comment - An error message asking to check configuration would be a good addition. I think 67c3d2d accomplishes just that: Unable to find an on-going OpenID session. Could it be that you have multiple host names for your Jenkins and you started the authentication in one host name and landed back on another? If so configure the correct Jenkins root URL so that those two host names will be the same

            People

              kohsuke Kohsuke Kawaguchi
              sit Emil Sit
              Votes:
              3 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: