• Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • openid-plugin
    • None
    • Ubuntu 12.04 x86_64
      Google Apps

      The OpenId plugin doesn't work properly when attempting to discover the provider. My specific case is with the Google provider. I confirmed that I could access the URL with Jenkins by testing the Google URL in the proxy settings screen (I have also been downloading plugins, etc). Upon inspection of the code, I noticed that the constructor that calls the discovery method in openid4java never initialized the proxy settings for HttpClient with the HttpClientFactory. This was only occurring in the getManager() method. Here is an example of the log entry.

      Mar 24, 2014 3:37:46 PM org.apache.catalina.core.ApplicationContext log
      SEVERE: Error while serving http://someserver.mydomain.com/jenkins/configureSecurity/configure
      java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:601)
      	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      	at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:390)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:203)
      	at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:181)
      	at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:86)
      	at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:90)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
      	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
      	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
      	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
      	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:722)
      Caused by: java.lang.RuntimeException: Failed to instantiate class hudson.plugins.openid.GoogleAppSsoSecurityRealm from {"value":"2","stapler-class":"hudson.plugins.openid.GoogleAppSsoSecurityRealm","domain":"mydomain.com"}
      	at hudson.model.Descriptor.newInstance(Descriptor.java:576)
      	at hudson.DescriptorExtensionList.newInstanceFromRadioList(DescriptorExtensionList.java:137)
      	at hudson.DescriptorExtensionList.newInstanceFromRadioList(DescriptorExtensionList.java:141)
      	at hudson.security.GlobalSecurityConfiguration.configure(GlobalSecurityConfiguration.java:95)
      	at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:79)
      	... 58 more
      Caused by: java.lang.IllegalArgumentException: Failed to instantiate class hudson.plugins.openid.GoogleAppSsoSecurityRealm from {"value":"2","stapler-class":"hudson.plugins.openid.GoogleAppSsoSecurityRealm","domain":"mydomain.com"}
      	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:589)
      	at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:400)
      	at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:396)
      	at hudson.model.Descriptor.newInstance(Descriptor.java:567)
      	... 62 more
      Caused by: java.lang.IllegalArgumentException: org.openid4java.discovery.DiscoveryException: 0x704: Failed to discover XRDS document from https://www.google.com/accounts/o8/site-xrds?hd=mydomain.com
      	at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:462)
      	at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:690)
      	at org.kohsuke.stapler.RequestImpl.access$100(RequestImpl.java:81)
      	at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:587)
      	... 65 more
      Caused by: org.openid4java.discovery.DiscoveryException: 0x704: Failed to discover XRDS document from https://www.google.com/accounts/o8/site-xrds?hd=mydomain.com
      	at hudson.plugins.openid.YadisResolver2.discover(YadisResolver2.java:23)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
      	at hudson.plugins.openid.OpenIdSsoSecurityRealm.getDiscoveredEndpoint(OpenIdSsoSecurityRealm.java:122)
      	at hudson.plugins.openid.OpenIdSsoSecurityRealm.<init>(OpenIdSsoSecurityRealm.java:84)
      	at hudson.plugins.openid.GoogleAppSsoSecurityRealm.<init>(GoogleAppSsoSecurityRealm.java:34)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
      	at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:447)
      	... 68 more
      Caused by: org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error: 
      	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:432)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
      	at hudson.plugins.openid.YadisResolver2.discover(YadisResolver2.java:21)
      	... 80 more
      Caused by: org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 3000 ms
      	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:155)
      	at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
      	at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
      	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
      	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
      	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
      	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
      	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
      	at org.openid4java.util.HttpCache.head(HttpCache.java:296)
      	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
      	... 82 more
      Caused by: java.net.SocketTimeoutException: connect timed out
      	at java.net.PlainSocketImpl.socketConnect(Native Method)
      	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
      	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
      	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
      	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
      	at java.net.Socket.connect(Socket.java:579)
      	at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:601)
      	at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
      	... 91 more
      

          [JENKINS-22368] Discovery fails when Jenkins is behind a proxy

          This may be related to JENKINS-11753.

          Justin Harringa added a comment - This may be related to JENKINS-11753 .

          Code changed in jenkins
          User: Justin Harringa
          Path:
          src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
          src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
          src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
          http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c
          Log:
          [FIXED JENKINS-22368] Discovery fails behind proxy

          This commit addresses the problem described in [FIXED JENKINS-22368] and
          may also correct JENKINS-11753. Proxy settings in openid4java's
          HttpClientFactory will now be initialized when calling the constructor of
          the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition
          to the existing call in the commenceLogin process.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Justin Harringa Path: src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c Log: [FIXED JENKINS-22368] Discovery fails behind proxy This commit addresses the problem described in [FIXED JENKINS-22368] and may also correct JENKINS-11753 . Proxy settings in openid4java's HttpClientFactory will now be initialized when calling the constructor of the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition to the existing call in the commenceLogin process.

          Code changed in jenkins
          User: Stephen Connolly
          Path:
          src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
          src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
          src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
          http://jenkins-ci.org/commit/openid-plugin/e4ff38c938681d34d06242477534678b9e18e0ad
          Log:
          Merge pull request #8 from jenkinsci/JENKINS-22368

          fix test failure

          Compare: https://github.com/jenkinsci/openid-plugin/compare/6e99fb8c90cb...e4ff38c93868

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java http://jenkins-ci.org/commit/openid-plugin/e4ff38c938681d34d06242477534678b9e18e0ad Log: Merge pull request #8 from jenkinsci/ JENKINS-22368 fix test failure Compare: https://github.com/jenkinsci/openid-plugin/compare/6e99fb8c90cb...e4ff38c93868

          Daniel Beck added a comment -

          Bot seems to have forgotten to resolve this.

          Daniel Beck added a comment - Bot seems to have forgotten to resolve this.

            kohsuke Kohsuke Kawaguchi
            justinharringa Justin Harringa
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: