• Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • openid-plugin
    • None
    • Ubuntu 10.4 LTS

      The OpenId plugin does not seem to work bvehind a proxy. I have configured the proxy in the jenkins plugin settings (jenkins can now download plugins via proxy), added JAVA_ARGS="-Dhttp.proxyHost=proxy1 -Dhttp.proxyPort=3128" to /etc/defaults/jenkins (and verified via ps -Af | grep jenkins, exported $http_proxy from /etc/profile, but nothing seems to work.
      I have found the following hint: http://code.google.com/p/openid4java/wiki/ConsumerForwardProxy - but in the plugin source code there is no such configuration before the instantiation of the ConsumerManager (see OpenIdLoginService.java, line 52). I don't know if there's some magic there already that makes this obsolete and works if used correctly, but unfortunately it does not work out of the box in my case. Id would be nice to have a mechanism that observes any of the standard configurations mentioned above (preferrably the one inside hudson, because this is the one that is most likely correct once the open id plugin is installed), or at least a setting for the proxy in the open id plugin itself.

          [JENKINS-11753] Enable OpenID Plugin behind proxy

          see also the following gerrit issue:
          http://code.google.com/p/gerrit/issues/detail?id=105

          Remigius Stalder added a comment - see also the following gerrit issue: http://code.google.com/p/gerrit/issues/detail?id=105

          I have created modified versions of the classes OpenIdSsoSecurityRealm and OpenIdLoginService that solve the problem for me (see attachment).

          Remigius Stalder added a comment - I have created modified versions of the classes OpenIdSsoSecurityRealm and OpenIdLoginService that solve the problem for me (see attachment).

          patch to classes OpenIdSsoSecurityRealm and OpenIdLoginService

          Remigius Stalder added a comment - patch to classes OpenIdSsoSecurityRealm and OpenIdLoginService

          John Gibson added a comment -

          This feature was actually implemented back in October, 2012 (https://github.com/jenkinsci/openid-plugin/commit/ac328548bb7a83f40d1e3b4a7ce0ab799bfbf3be) and it mostly works. However, it doesn't respect the non-proxy hosts settings in Jenkins.

          Looking at hudson.plugins.openid.OpenIdSsoSecurityRealm#createManager() you can see that it doesn't use the noProxyHostPatterns property of the global Hudson.proxy variable. It should do so to avoid making proxy connections when they are not needed.

          John Gibson added a comment - This feature was actually implemented back in October, 2012 ( https://github.com/jenkinsci/openid-plugin/commit/ac328548bb7a83f40d1e3b4a7ce0ab799bfbf3be ) and it mostly works. However, it doesn't respect the non-proxy hosts settings in Jenkins. Looking at hudson.plugins.openid.OpenIdSsoSecurityRealm#createManager() you can see that it doesn't use the noProxyHostPatterns property of the global Hudson.proxy variable. It should do so to avoid making proxy connections when they are not needed.

          Code changed in jenkins
          User: Justin Harringa
          Path:
          src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
          src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
          src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
          http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c
          Log:
          [FIXED JENKINS-22368] Discovery fails behind proxy

          This commit addresses the problem described in [FIXED JENKINS-22368] and
          may also correct JENKINS-11753. Proxy settings in openid4java's
          HttpClientFactory will now be initialized when calling the constructor of
          the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition
          to the existing call in the commenceLogin process.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Justin Harringa Path: src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c Log: [FIXED JENKINS-22368] Discovery fails behind proxy This commit addresses the problem described in [FIXED JENKINS-22368] and may also correct JENKINS-11753 . Proxy settings in openid4java's HttpClientFactory will now be initialized when calling the constructor of the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition to the existing call in the commenceLogin process.

            kohsuke Kohsuke Kawaguchi
            remigius Remigius Stalder
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: