Type: Bug
Resolution: Duplicate
Priority: Minor
Environment: Jenkins 1.656 run directly (no container) on Centos 7.2
Users who are successfully authenticated but not authorized get an HTTP 500 error instead of the expected HTTP 403 "access denied" page.
The log shows the following error:
header full: java.lang.RuntimeException: Header>6144
Our understanding: when a user is authenticated (via the SAML plugin in our environment) but not authorized, Jenkins generates an HTTP response header X-You-Are-In-Group for every group the user is a member of. For users who are members of a large number of groups, this exceeds the total header size allowed by Jetty and causes an HTTP 500 error.
To allow users to see the expected "access denied" page, I suppose there should be some control on these X-You-Are-In-Group headers; or we should be able to set a larger value for ResponseHeaderSize in Jetty's HttpConfig (as is already possible for the request header size).
Thanks in advance
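To check a captured response head for the symptom described above (one X-You-Are-In-Group header per group, and how close the head comes to the 6144-byte figure from the "Header>6144" log line), here is an added Python example; it is not code from Jenkins or from this issue. It assumes Jetty counts the status line plus every header line against that limit, and the X-You-Are-Authenticated-As header in the constructed sample is an assumption.

```python
"""Diagnose oversized access-denied heads from a captured HTTP response.

Added example, not code from Jenkins or the issue. Assumes Jetty's
response-header buffer holds the status line plus every header line.
"""

JETTY_RESPONSE_HEADER_LIMIT = 6144   # bytes, from "Header>6144" in the log
GROUP_HEADER = "X-You-Are-In-Group"  # one copy is emitted per group membership


def wire_size(line: str) -> int:
    """Bytes a status or header line occupies on the wire, CRLF included."""
    return len(line.encode("utf-8")) + 2


def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 response into (status_line, code, [(name, value)])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = [(n.strip(), v.strip())
               for n, _, v in (line.partition(":") for line in header_lines)]
    return status_line, status, headers


def diagnose(raw: bytes, limit: int = JETTY_RESPONSE_HEADER_LIMIT) -> dict:
    """Count group headers and estimate head size against the Jetty limit."""
    status_line, status, headers = parse_head(raw)
    group_count = sum(1 for n, _ in headers if n.lower() == GROUP_HEADER.lower())
    # status line + every "Name: value" line + the blank line that ends the head
    total = wire_size(status_line) + sum(wire_size(f"{n}: {v}") for n, v in headers) + 2
    return {"status": status, "group_headers": group_count,
            "head_bytes": total, "exceeds_limit": total > limit}


def groups_that_fit(group_name_len: int, other_bytes: int = 0,
                    limit: int = JETTY_RESPONSE_HEADER_LIMIT) -> int:
    """Upper bound on memberships of the given name length before overflow."""
    per_group = wire_size(f"{GROUP_HEADER}: {'x' * group_name_len}")
    return max(0, (limit - other_bytes) // per_group)


# Constructed sample: the expected 403 for a user who is in three groups.
# X-You-Are-Authenticated-As is the assumed companion header.
SAMPLE = (b"HTTP/1.1 403 Forbidden\r\n"
          b"Content-Type: text/html;charset=UTF-8\r\n"
          b"X-You-Are-Authenticated-As: alice\r\n"
          b"X-You-Are-In-Group: developers\r\n"
          b"X-You-Are-In-Group: release-managers\r\n"
          b"X-You-Are-In-Group: everyone\r\n"
          b"\r\n<html>access denied</html>")

if __name__ == "__main__":
    print(diagnose(SAMPLE))                                 # 200 bytes, under limit
    print("40-char groups that fit:", groups_that_fit(40))  # 99
```

A head captured with `curl -D` from a real instance can be passed to diagnose() the same way.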
Duplicates: JENKINS-39402 Jenkins creates massive HTTP headers that blows up proxies (Resolved)
[JENKINS-35418] Unauthorized user gets HTTP 500 when member of many groups
Change history:
Field | Original | New
Workflow | JNJira [ 171712 ] | JNJira + In-Review [ 184425 ]
Link | | This issue duplicates
Resolution | | Duplicate [ 3 ]
Status | Open [ 1 ] | Closed [ 6 ]