Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22368

Discovery fails when Jenkins is behind a proxy

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: openid-plugin
    • Labels:
      None
    • Environment:
      Ubuntu 12.04 x86_64
      Google Apps
    • Similar Issues:

      Description

      The OpenId plugin doesn't work properly when attempting to discover the provider. My specific case is with the Google provider. I confirmed that I could access the URL with Jenkins by testing the Google URL in the proxy settings screen (I have also been downloading plugins, etc). Upon inspection of the code, I noticed that the constructor that calls the discovery method in openid4java never initialized the proxy settings for HttpClient with the HttpClientFactory. This was only occurring in the getManager() method. Here is an example of the log entry.

      Mar 24, 2014 3:37:46 PM org.apache.catalina.core.ApplicationContext log
      SEVERE: Error while serving http://someserver.mydomain.com/jenkins/configureSecurity/configure
      java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:601)
      	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      	at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:390)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:203)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:181)
      	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:86)
      	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:90)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
      	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
      	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:722)
      Caused by: java.lang.RuntimeException: Failed to instantiate class hudson.plugins.openid.GoogleAppSsoSecurityRealm from {"value":"2","stapler-class":"hudson.plugins.openid.GoogleAppSsoSecurityRealm","domain":"mydomain.com"}
      	at hudson.model.Descriptor.newInstance(Descriptor.java:576)
      	at hudson.DescriptorExtensionList.newInstanceFromRadioList(DescriptorExtensionList.java:137)
      	at hudson.DescriptorExtensionList.newInstanceFromRadioList(DescriptorExtensionList.java:141)
      	at hudson.security.GlobalSecurityConfiguration.configure(GlobalSecurityConfiguration.java:95)
      	at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:79)
      	... 58 more
      Caused by: java.lang.IllegalArgumentException: Failed to instantiate class hudson.plugins.openid.GoogleAppSsoSecurityRealm from {"value":"2","stapler-class":"hudson.plugins.openid.GoogleAppSsoSecurityRealm","domain":"mydomain.com"}
      	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:589)
      	at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:400)
      	at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:396)
      	at hudson.model.Descriptor.newInstance(Descriptor.java:567)
      	... 62 more
      Caused by: java.lang.IllegalArgumentException: org.openid4java.discovery.DiscoveryException: 0x704: Failed to discover XRDS document from https://www.google.com/accounts/o8/site-xrds?hd=mydomain.com
      	at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:462)
      	at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:690)
      	at org.kohsuke.stapler.RequestImpl.access$100(RequestImpl.java:81)
      	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:587)
      	... 65 more
      Caused by: org.openid4java.discovery.DiscoveryException: 0x704: Failed to discover XRDS document from https://www.google.com/accounts/o8/site-xrds?hd=mydomain.com
      	at hudson.plugins.openid.YadisResolver2.discover(YadisResolver2.java:23)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
      	at hudson.plugins.openid.OpenIdSsoSecurityRealm.getDiscoveredEndpoint(OpenIdSsoSecurityRealm.java:122)
      	at hudson.plugins.openid.OpenIdSsoSecurityRealm.<init>(OpenIdSsoSecurityRealm.java:84)
      	at hudson.plugins.openid.GoogleAppSsoSecurityRealm.<init>(GoogleAppSsoSecurityRealm.java:34)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
      	at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:447)
      	... 68 more
      Caused by: org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error: 
      	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:432)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
      	at hudson.plugins.openid.YadisResolver2.discover(YadisResolver2.java:21)
      	... 80 more
      Caused by: org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 3000 ms
      	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:155)
      	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
      	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
      	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
      	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
      	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
      	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
      	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
      	at org.openid4java.util.HttpCache.head(HttpCache.java:296)
      	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
      	... 82 more
      Caused by: java.net.SocketTimeoutException: connect timed out
      	at java.net.PlainSocketImpl.socketConnect(Native Method)
      	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
      	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
      	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
      	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
      	at java.net.Socket.connect(Socket.java:579)
      	at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:601)
      	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
      	... 91 more
      

        Attachments

          Issue Links

            Activity

            Hide
            justinharringa Justin Harringa added a comment -

            This may be related to JENKINS-11753.

            Show
            justinharringa Justin Harringa added a comment - This may be related to JENKINS-11753 .
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Justin Harringa
            Path:
            src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
            src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
            src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
            http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c
            Log:
            [FIXED JENKINS-22368] Discovery fails behind proxy

            This commit addresses the problem described in [FIXED JENKINS-22368] and
            may also correct JENKINS-11753. Proxy settings in openid4java's
            HttpClientFactory will now be initialized when calling the constructor of
            the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition
            to the existing call in the commenceLogin process.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Justin Harringa Path: src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c Log: [FIXED JENKINS-22368] Discovery fails behind proxy This commit addresses the problem described in [FIXED JENKINS-22368] and may also correct JENKINS-11753 . Proxy settings in openid4java's HttpClientFactory will now be initialized when calling the constructor of the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition to the existing call in the commenceLogin process.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
            src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
            src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
            http://jenkins-ci.org/commit/openid-plugin/e4ff38c938681d34d06242477534678b9e18e0ad
            Log:
            Merge pull request #8 from jenkinsci/JENKINS-22368

            fix test failure

            Compare: https://github.com/jenkinsci/openid-plugin/compare/6e99fb8c90cb...e4ff38c93868

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java http://jenkins-ci.org/commit/openid-plugin/e4ff38c938681d34d06242477534678b9e18e0ad Log: Merge pull request #8 from jenkinsci/ JENKINS-22368 fix test failure Compare: https://github.com/jenkinsci/openid-plugin/compare/6e99fb8c90cb...e4ff38c93868
            Hide
            danielbeck Daniel Beck added a comment -

            Bot seems to have forgotten to resolve this.

            Show
            danielbeck Daniel Beck added a comment - Bot seems to have forgotten to resolve this.

              People

              Assignee:
              kohsuke Kohsuke Kawaguchi
              Reporter:
              justinharringa Justin Harringa
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: