-
Improvement
-
Resolution: Fixed
-
Minor
-
None
It's possible to specify both 'Foo' and 'FOO' for assigning permissions to the same user in a case insensitive auth realm and have only one of them be effective.
Matrix Auth should add support for the case sensitivity API added in 1.566 (JENKINS-22247), treating both Foo and FOO equally if using a case insensitive auth realm.
- depends on
-
JENKINS-22247 Provide an extension point to define user id case sensitivity contract
-
- Resolved
-
- is duplicated by
-
JENKINS-29248 uid should be caseinsensitve in Matrix-based security
-
- Resolved
-
-
-
- Resolved
-
-
-
- Closed
-
-
-
- Resolved
-
- links to
[JENKINS-23805] Add support for case insensitive auth realms to matrix auth
Patric Steffen
created issue -
ikedam
made changes -
| Component/s | New: core [ 15593 ] | |
| Component/s | Original: authorize-project [ 18155 ] |
Patric Steffen
added a comment - Okay, thanks... Who can reproduce this issue? Please provide more information.
- What version of Jenkins?
- What authorization strategy (e.g. Role Strategy plugin, Project-based matrix auth), what authentication realm (e.g. Jenkins user database, LDAP, ...) are you using?
- If any of this is provided by a plugin, specify its version.
- Please provide the full, exact configuration (e.g. via screenshot or config xml excerpt) of both authentication realm and authorization strategy.
- Log in as admin user and as beta tester and provide the output of the /whoAmiI web page
| Priority | Original: Blocker [ 1 ] | New: Minor [ 4 ] |
Patric Steffen
added a comment - - ver. 1.572
- Project-based matrix auth, Jenkins user database
Who am I of admin:
Name: ADMIN
IsAuthenticated?: true
Authorities:
"authenticated"
Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxxx
toString: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@450a582b: Username: hudson.security.HudsonPrivateSecurityRealm$Details@78af304f; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxx; Granted Authorities: authenticated
Request Headers
cookie JSESSIONIDxxxxxxxxx; screenResolution=1920x1080
host xxxxxxx
accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
content-length 0
Accept-Language de,en-US;q=0.7,en;q=0.3
connection keep-alive
user-agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept-Encoding gzip, deflate
Who am I of beta tester:
Name: BETATESTER
IsAuthenticated?: true
Authorities:
"authenticated"
Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxxx
toString: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@d96656e0: Username: hudson.security.HudsonPrivateSecurityRealm$Details@c781c3b; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxxxx; Granted Authorities: authenticated
Request Headers
cookie JSESSIONIDxxxxx; screenResolution=1440x900
host xxxxx
accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
content-length 0
Accept-Language de,en-US;q=0.7,en;q=0.3
connection keep-alive
user-agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept-Encoding gzip, deflate
Patric Steffen
added a comment -
ver. 1.572
Project-based matrix auth, Jenkins user database
Who am I of admin:
Name: ADMIN
IsAuthenticated?: true
Authorities:
"authenticated"
Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxxx
toString: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@450a582b: Username: hudson.security.HudsonPrivateSecurityRealm$Details@78af304f; Password: [PROTECTED] ; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxx; Granted Authorities: authenticated
Request Headers
cookie JSESSIONIDxxxxxxxxx; screenResolution=1920x1080
host xxxxxxx
accept text/html,application/xhtml+xml,application/xml;q=0.9, / ;q=0.8
content-length 0
Accept-Language de,en-US;q=0.7,en;q=0.3
connection keep-alive
user-agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept-Encoding gzip, deflate
Who am I of beta tester:
Name: BETATESTER
IsAuthenticated?: true
Authorities:
"authenticated"
Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxxx
toString: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@d96656e0: Username: hudson.security.HudsonPrivateSecurityRealm$Details@c781c3b; Password: [PROTECTED] ; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: xxx.xxx.xxx.xxx; SessionId: xxxxxx; Granted Authorities: authenticated
Request Headers
cookie JSESSIONIDxxxxx; screenResolution=1440x900
host xxxxx
accept text/html,application/xhtml+xml,application/xml;q=0.9, / ;q=0.8
content-length 0
Accept-Language de,en-US;q=0.7,en;q=0.3
connection keep-alive
user-agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept-Encoding gzip, deflate Patric Steffen
made changes -
| Attachment | New: global-config.png [ 26408 ] | |
| Attachment | New: project-config.png [ 26409 ] |
Alright, that's a bit less information than I expected due to the removal of user names.
Double-check that the user names are identical. Verify especially user name case (also during login), as 'FOO' may be treated differently from 'foo'.
If you use folders, make sure that the user is granted read access to all parent/ancestor folders.
Note that giving admins per-project privileges is completely useless, Overall/Administer implies all other privileges that exist by default.
It sounds an issue not of authorize-project but of Jenkins core.
Changed the component.