-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Ubuntu 12.04 x86_64
Google Apps
The OpenId plugin doesn't work properly when attempting to discover the provider. My specific case is with the Google provider. I confirmed that I could access the URL with Jenkins by testing the Google URL in the proxy settings screen (I have also been downloading plugins, etc). Upon inspection of the code, I noticed that the constructor that calls the discovery method in openid4java never initialized the proxy settings for HttpClient with the HttpClientFactory. This was only occurring in the getManager() method. Here is an example of the log entry.
Mar 24, 2014 3:37:46 PM org.apache.catalina.core.ApplicationContext log
SEVERE: Error while serving http://someserver.mydomain.com/jenkins/configureSecurity/configure
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
at org.kohsuke.stapler.MetaClass$12.dispatch(MetaClass.java:390)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:203)
at net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:181)
at net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:86)
at org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:90)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:99)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)
Caused by: java.lang.RuntimeException: Failed to instantiate class hudson.plugins.openid.GoogleAppSsoSecurityRealm from {"value":"2","stapler-class":"hudson.plugins.openid.GoogleAppSsoSecurityRealm","domain":"mydomain.com"}
at hudson.model.Descriptor.newInstance(Descriptor.java:576)
at hudson.DescriptorExtensionList.newInstanceFromRadioList(DescriptorExtensionList.java:137)
at hudson.DescriptorExtensionList.newInstanceFromRadioList(DescriptorExtensionList.java:141)
at hudson.security.GlobalSecurityConfiguration.configure(GlobalSecurityConfiguration.java:95)
at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:79)
... 58 more
Caused by: java.lang.IllegalArgumentException: Failed to instantiate class hudson.plugins.openid.GoogleAppSsoSecurityRealm from {"value":"2","stapler-class":"hudson.plugins.openid.GoogleAppSsoSecurityRealm","domain":"mydomain.com"}
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:589)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:400)
at org.kohsuke.stapler.RequestImpl.bindJSON(RequestImpl.java:396)
at hudson.model.Descriptor.newInstance(Descriptor.java:567)
... 62 more
Caused by: java.lang.IllegalArgumentException: org.openid4java.discovery.DiscoveryException: 0x704: Failed to discover XRDS document from https://www.google.com/accounts/o8/site-xrds?hd=mydomain.com
at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:462)
at org.kohsuke.stapler.RequestImpl.instantiate(RequestImpl.java:690)
at org.kohsuke.stapler.RequestImpl.access$100(RequestImpl.java:81)
at org.kohsuke.stapler.RequestImpl$TypePair.convertJSON(RequestImpl.java:587)
... 65 more
Caused by: org.openid4java.discovery.DiscoveryException: 0x704: Failed to discover XRDS document from https://www.google.com/accounts/o8/site-xrds?hd=mydomain.com
at hudson.plugins.openid.YadisResolver2.discover(YadisResolver2.java:23)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
at hudson.plugins.openid.OpenIdSsoSecurityRealm.getDiscoveredEndpoint(OpenIdSsoSecurityRealm.java:122)
at hudson.plugins.openid.OpenIdSsoSecurityRealm.<init>(OpenIdSsoSecurityRealm.java:84)
at hudson.plugins.openid.GoogleAppSsoSecurityRealm.<init>(GoogleAppSsoSecurityRealm.java:34)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at org.kohsuke.stapler.RequestImpl.invokeConstructor(RequestImpl.java:447)
... 68 more
Caused by: org.openid4java.discovery.yadis.YadisException: 0x704: I/O transport error:
at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:432)
at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:229)
at hudson.plugins.openid.YadisResolver2.discover(YadisResolver2.java:21)
... 80 more
Caused by: org.apache.commons.httpclient.ConnectTimeoutException: The host did not accept the connection within timeout of 3000 ms
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:155)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:130)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at org.openid4java.util.HttpCache.head(HttpCache.java:296)
at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:360)
... 82 more
Caused by: java.net.SocketTimeoutException: connect timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
at java.net.Socket.connect(Socket.java:579)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:618)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
... 91 more
- is related to
-
JENKINS-11753 Enable OpenID Plugin behind proxy
-
- Open
-
[JENKINS-22368] Discovery fails when Jenkins is behind a proxy
Code changed in jenkins
User: Justin Harringa
Path:
src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
http://jenkins-ci.org/commit/openid-plugin/ac607f380ce1945cf3d13bc389c1475b49696d8c
Log:
[FIXED JENKINS-22368] Discovery fails behind proxy
This commit addresses the problem described in [FIXED JENKINS-22368] and
may also correct JENKINS-11753. Proxy settings in openid4java's
HttpClientFactory will now be initialized when calling the constructor of
the OpenIdSsoSecurityRealm & GoogleAppSsoSecurityRealm classes in addition
to the existing call in the commenceLogin process.
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/hudson/plugins/openid/GoogleAppSsoSecurityRealm.java
src/main/java/hudson/plugins/openid/OpenIdSsoSecurityRealm.java
src/test/java/hudson/plugins/openid/OpenIdSsoSecurityRealmTest.java
http://jenkins-ci.org/commit/openid-plugin/e4ff38c938681d34d06242477534678b9e18e0ad
Log:
Merge pull request #8 from jenkinsci/JENKINS-22368
fix test failure
Compare: https://github.com/jenkinsci/openid-plugin/compare/6e99fb8c90cb...e4ff38c93868
This may be related to JENKINS-11753.