Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-16612

Openid plugin does not work because of invalid return_to

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Blocker
    • Resolution: Unresolved
    • Component/s: openid-plugin
    • Labels:
      None
    • Environment:
      Ubuntu 10.04 LTS. Jenkins behind apache with HTTPS (only).
    • Similar Issues:

      Description

      When enabling openid plugin in jenkins it fails (both using Google Apps openid and manual config) with the following stacktrace:

      Exception: org.openid4java.message.MessageException: 0x300: Invalid return_to: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      Stacktrace:
      javax.servlet.ServletException: org.openid4java.message.MessageException: 0x300: Invalid return_to: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:615)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:658)
      at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:203)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:573)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:658)
      at org.kohsuke.stapler.Stapler.invoke(Stapler.java:487)
      at org.kohsuke.stapler.Stapler.service(Stapler.java:164)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
      at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
      at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
      at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:47)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:124)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:63)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
      at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
      at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
      at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:215)
      at winstone.RequestHandlerThread.run(RequestHandlerThread.java:138)
      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
      at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
      at java.util.concurrent.FutureTask.run(FutureTask.java:138)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
      at java.lang.Thread.run(Thread.java:662)
      Caused by: org.openid4java.message.MessageException: 0x300: Invalid return_to: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      at org.openid4java.message.AuthSuccess.validate(AuthSuccess.java:419)
      at org.openid4java.message.AuthSuccess.createAuthSuccess(AuthSuccess.java:117)
      at org.openid4java.consumer.ConsumerManager.verify(ConsumerManager.java:1146)
      at hudson.plugins.openid.OpenIdSession.doFinishLogin(OpenIdSession.java:106)
      at hudson.plugins.openid.OpenIdSsoSecurityRealm.doFinishLogin(OpenIdSsoSecurityRealm.java:187)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
      at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
      at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
      at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
      at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:573)
      ... 56 more
      Caused by: java.net.MalformedURLException: no protocol: http%3A%2F%2Fjenkins.domain.com%2FsecurityRealm%2FfinishLogin
      at java.net.URL.<init>(URL.java:567)
      at java.net.URL.<init>(URL.java:464)
      at java.net.URL.<init>(URL.java:413)
      at org.openid4java.message.AuthSuccess.validate(AuthSuccess.java:415)
      ... 70 more

        Attachments

          Activity

          Hide
          bos Bryan O'Sullivan added a comment -

          This has killed my ability to log into my Jenkins instance, because I assumed that updating to a new build would be safe

          Show
          bos Bryan O'Sullivan added a comment - This has killed my ability to log into my Jenkins instance, because I assumed that updating to a new build would be safe
          Hide
          bos Bryan O'Sullivan added a comment -

          This regressed at RPM build number 500, in case that helps to narrow the cause down. I just downgraded to 499 and it's OK again.

          Show
          bos Bryan O'Sullivan added a comment - This regressed at RPM build number 500, in case that helps to narrow the cause down. I just downgraded to 499 and it's OK again.
          Hide
          kohsuke Kohsuke Kawaguchi added a comment -

          It appears to have something to do with parameter decoding, but I'm not sure how this happens. Which OpenID server did you talk to?

          Show
          kohsuke Kohsuke Kawaguchi added a comment - It appears to have something to do with parameter decoding, but I'm not sure how this happens. Which OpenID server did you talk to?

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            larsvonk Lars Vonk
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: