Jenkins issue JENKINS-35418: Unauthorized user gets HTTP 500 when member of many groups


    • Type: Bug
    • Resolution: Duplicate
    • Priority: Minor
    • Component: winstone-jetty
    • Environment: Jenkins 1.656 run directly (no container) on Centos 7.2

      Users who are successfully authenticated but not authorized get an HTTP 500 error instead of the expected HTTP 403 "access denied" page.

      The log shows the following error:

      header full: java.lang.RuntimeException: Header>6144
      

      Our understanding: when a user is authenticated (via the SAML plugin in our environment) but not authorized, Jenkins generates an HTTP response header X-You-Are-In-Group for every group the user is a member of. For users who are members of a large number of groups, this exceeds the total header size allowed by Jetty and causes an HTTP 500 error.

      To allow users to see the expected "access denied" page, I suppose there should be some control on these X-You-Are-In-Group headers; or we should be able to set a larger value for ResponseHeaderSize in Jetty's HttpConfig (as is already possible for request header size).

      Thanks in advance

            Assignee: Unassigned
            Reporter: Alex Lossent (alexcern)
            Votes: 0
            Watchers: 1
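The script below is an added worked example, not code from Jenkins, Winstone or the reporter. It models the failure described in the report: it serialises an access-denied response head with one X-You-Are-In-Group header per group, checks whether the result exceeds the 6144-byte figure from the log line (assumed here to be the Jetty response header buffer size of that deployment), reports how many groups fit before the 403 turns into a 500, and parses the group headers back out of a captured response. The status line, the accompanying headers, the user name "alice" and the ldap-group-NNN names are constructed assumptions.

```python
"""Estimate whether Jenkins' per-group X-You-Are-In-Group response headers
overflow Jetty's response header buffer, and parse them out of a captured
response head. Added example; not Jenkins or Winstone code."""

# Taken from the error in the report ("Header>6144"); assumed here to be the
# Jetty response header buffer size, in bytes, for that deployment.
JETTY_RESPONSE_HEADER_LIMIT = 6144

# Assumed status line of the access-denied page.
STATUS_LINE = "HTTP/1.1 403 Forbidden"


def base_headers(user):
    """Headers assumed to accompany the access-denied page apart from the
    per-group ones (a constructed approximation; the real set varies)."""
    return [
        ("X-Content-Type-Options", "nosniff"),
        ("X-Hudson", "1.395"),
        ("X-Jenkins", "1.656"),
        ("X-You-Are-Authenticated-As", user),
        ("Content-Type", "text/html;charset=UTF-8"),
    ]


def group_headers(groups):
    """One X-You-Are-In-Group header per group, as the report describes."""
    return [("X-You-Are-In-Group", g) for g in groups]


def render_head(status_line, headers):
    """Serialise the head as it goes on the wire: CRLF after every line and
    an empty line terminating the header block."""
    lines = [status_line] + [f"{name}: {value}" for name, value in headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("utf-8")


def access_denied_head(user, groups):
    """The complete response head Jenkins is assumed to emit for `user`."""
    return render_head(STATUS_LINE, base_headers(user) + group_headers(groups))


def header_bytes(user, groups):
    return len(access_denied_head(user, groups))


def would_overflow(user, groups, limit=JETTY_RESPONSE_HEADER_LIMIT):
    """True when the head exceeds the buffer, i.e. the case in which Jetty
    fails the response with a 500 instead of delivering the 403 page."""
    return header_bytes(user, groups) > limit


def max_groups_under_limit(user, groups, limit=JETTY_RESPONSE_HEADER_LIMIT):
    """Length of the longest prefix of `groups` whose head still fits.
    Adds each group's header line to the base head incrementally."""
    total = header_bytes(user, [])
    fitting = 0
    for g in groups:
        total += len(f"X-You-Are-In-Group: {g}\r\n".encode("utf-8"))
        if total > limit:
            break
        fitting += 1
    return fitting


def parse_group_headers(raw):
    """Recover the group names from a captured response head (bytes)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8")
    groups = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-you-are-in-group":
            groups.append(value.strip())
    return groups


if __name__ == "__main__":
    user = "alice"
    # Constructed group list standing in for a SAML assertion with many groups.
    groups = [f"ldap-group-{i:03d}" for i in range(400)]
    size = header_bytes(user, groups)
    print(f"{len(groups)} groups -> {size} header bytes, limit "
          f"{JETTY_RESPONSE_HEADER_LIMIT}, overflow={would_overflow(user, groups)}")
    print(f"at most {max_groups_under_limit(user, groups)} such groups fit "
          f"before the 403 becomes a 500")
    print(f"a response header size of at least {size} bytes would let this "
          f"user see the 403 page")
```

Two caveats for anyone sizing the buffer this way: the byte count depends on the actual group names and on whatever other headers the real deployment adds (the set above is only an approximation), so treat the result as a lower bound; and raising the response header size restores the 403 page but does not change that the page hands the client the user's complete group list in the headers.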