Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16612

Openid plugin does not work because of invalid return_to

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • openid-plugin
    • None
    • Ubuntu 10.04 LTS. Jenkins behind apache with HTTPS (only).

      When enabling openid plugin in jenkins it fails (both using Google Apps openid and manual config) with the following stacktrace:

      Exception: org.openid4java.message.MessageException: 0x300: Invalid return_to: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      Stacktrace:
      javax.servlet.ServletException: org.openid4java.message.MessageException: 0x300: Invalid return_to: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:615)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:658)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:573)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:658)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:487)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:164)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:124)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
      at java.util.concurrent.FutureTask.run(FutureTask.java:138)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: org.openid4java.message.MessageException: 0x300: Invalid return_to: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      at org.openid4java.message.AuthSuccess.validate(AuthSuccess.java:419)
      at org.openid4java.message.AuthSuccess.createAuthSuccess(AuthSuccess.java:117)
      at org.openid4java.consumer.ConsumerManager.verify(ConsumerManager.java:1146)
      at hudson.plugins.openid.OpenIdSession.doFinishLogin(OpenIdSession.java:106)
      at hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:187)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:573)
      ... 56 more
      Caused by: java.net.MalformedURLException: no protocol: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      at java.net.URL.<init>(URL.java:567)
      at java.net.URL.<init>(URL.java:464)
      at java.net.URL.<init>(URL.java:413)
      at org.openid4java.message.AuthSuccess.validate(AuthSuccess.java:415)
      ... 70 more

          [JENKINS-16612] Openid plugin does not work because of invalid return_to

          This has killed my ability to log into my Jenkins instance, because I assumed that updating to a new build would be safe

          Bryan O'Sullivan added a comment - This has killed my ability to log into my Jenkins instance, because I assumed that updating to a new build would be safe

          This regressed at RPM build number 500, in case that helps to narrow the cause down. I just downgraded to 499 and it's OK again.

          Bryan O'Sullivan added a comment - This regressed at RPM build number 500, in case that helps to narrow the cause down. I just downgraded to 499 and it's OK again.

          It appears to have something to do with parameter decoding, but I'm not sure how this happens. Which OpenID server did you talk to?

          Kohsuke Kawaguchi added a comment - It appears to have something to do with parameter decoding, but I'm not sure how this happens. Which OpenID server did you talk to?

            Unassigned Unassigned
            larsvonk Lars Vonk
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: