Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22505

update to commons-httpclient 4.3.2 (to support OpenID with SNI)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: openid-plugin
    • Labels:
      None
    • Environment:
      Linux amd64
      jre7-openjdk-headless 7.u51_2.4.5-1
    • Similar Issues:

      Description

      Jenkins is configured to authenticate using OpenID.

      The OpenID Server is behind a SSL reverse proxy thats using SNI.

      However, Jenkins is not using SNI when connecting to the URL (verfified by setting apache's SSLStrictSNIVHostCheck to on)

      This leads to the following "Oops!":

      javax.servlet.ServletException: org.openid4java.discovery.DiscoveryException: 0x706: Failed to discover OpenID: https://openid.somedomain.com/
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:778)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      	at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:210)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:858)
      	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:631)
      	at org.kohsuke.stapler.Stapler.service(Stapler.java:225)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
      	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
      	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
      	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
      	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:79)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      	at org.eclipse.jetty.server.Server.handle(Server.java:370)
      	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      	at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      	at java.lang.Thread.run(Thread.java:744)
      Caused by: org.openid4java.discovery.DiscoveryException: 0x706: Failed to discover OpenID: https://openid.somedomain.com/
      	at hudson.plugins.openid.OpenIdSession.<init>(OpenIdSession.java:75)
      	at hudson.plugins.openid.OpenIdSsoSecurityRealm$2.<init>(OpenIdSsoSecurityRealm.java:176)
      	at hudson.plugins.openid.OpenIdSsoSecurityRealm.doCommenceLogin(OpenIdSsoSecurityRealm.java:176)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:606)
      	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
      	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
      	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
      	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:120)
      	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
      	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:728)
      	... 64 more
      Caused by: org.openid4java.discovery.yadis.YadisException: 0x706: GET failed on https://openid.somedomain.com/ : 403:HTTP/1.1 403 Forbidden
      	at org.openid4java.discovery.yadis.YadisResolver.retrieveXrdsLocation(YadisResolver.java:371)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:233)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:221)
      	at org.openid4java.discovery.yadis.YadisResolver.discover(YadisResolver.java:179)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:134)
      	at org.openid4java.discovery.Discovery.discover(Discovery.java:114)
      	at org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:527)
      	at hudson.plugins.openid.OpenIdSession.<init>(OpenIdSession.java:72)
      	... 76 more
      

        Attachments

          Activity

          Hide
          flokli Florian Klink added a comment -

          Seems like it comes down to this issue for Apache HttpComponents:
          https://issues.apache.org/jira/browse/HTTPCLIENT-1119

          (which was fixed with Version 4.3.2)

          Could you update the bundled commons-httpclient to version 4.3.2 (or latest 4.3.3), so that SNI works?

          Show
          flokli Florian Klink added a comment - Seems like it comes down to this issue for Apache HttpComponents: https://issues.apache.org/jira/browse/HTTPCLIENT-1119 (which was fixed with Version 4.3.2) Could you update the bundled commons-httpclient to version 4.3.2 (or latest 4.3.3), so that SNI works?

            People

            Assignee:
            kohsuke Kohsuke Kawaguchi
            Reporter:
            flokli Florian Klink
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: