Details
-
Type:
Bug
-
Status: Open (View Workflow)
-
Priority:
Major
-
Resolution: Unresolved
-
Component/s: negotiate-sso-plugin
-
Labels:
-
Environment:Jenkins 2.7.4 on Windows Server 2012.
-
Similar Issues:
Description
Running Jenkins as a service using the standard method (i.e. running it directly, not in a container)
ActiveDirectory plugin was/is working fine. I added the "Negotiate SSO Plugin" and it immediately started returning 413 errors to all requests, which indicates that the header is too large (a known problem with Kerberos).
It does this to all calls from IE and Chrome. Checking the documentation for Waffle, there are various methods of increasing the header size - but I can't see how to do so for the version of Jetty that Jenkins is embedded in:
https://community.jalios.com/jcms/jx_73408/en/windows-authentication-waffle-plugin-1-4?cid=jc2_245325
Attachments
Activity
Workaround found: There is an undocumented command-line argument in "winstone" that configures the request header size, I added "--requestHeaderSize=16384" to the Jenkins command-line argument in %JENKINS_HOME%\jenkins.xml and now the 413 error is gone.
I have the same problem with max header size, I use kerberos authentication.
REQUEST :
GET / HTTP/1.1
Host: xxx.domain.local
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Authorization: Negotiate YIIXVQYGKwYBBQUCoIIXSTCCF0WgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCFw8EghcLYIIXBwYJKoZIhvcSAQICAQBughb2MIIW8qADAgEFoQMCAQ6iBwMFACAAAACjghV1YYIVcTCCFW2gAwIBBaEIGwZBVlAuUlWiLjAsoAMCAQKhJTAjGwRIVFRQGxtqZW5raW5zMi5rYXNwZXJza3ktbGFicy5jb22jghUqMIIVJqADAgEXoQMCARSighUYBIIVFGnVnalxppYdW0GQtbpja4Ox4iHTk896H+s5MnO1tn13Ye/jfQVyQyu6j3Lx+RnnRCbJE31tEKgoXSy6Zasi8/vpu4iMlxXYKdenVDSVdImWT7thZY0AqtPRToJ503ps4W2I+rmYxTfnm+Auta6z/JkhdKGBcGT+qQ/Ivy6FgLv/z0fTWnicu1+hrbXlaQpl2OUQI1HvfeAlgW/cswzEQkm9Z+F6O+QPWqZNtsoWifABG8mYnLd2aAIVF8sM38Uhw+m7qFF4Sbna9/zlwO2pl+HsrbVewN1KwkDjbm/tvCPXEuYZ/UH3qEvIXVfETZDo32XtDiIUcMlBp1FARrjQ1DEJeZ3P/cUKA5VnwAWNhGC7qnda/aJY8ZaXi3l5snJ1g3trTcam9dMlLBrecV8myesf61AA+ouwysHB5rX6GNfo0m0zOg9+ak9Qh7f646bBXOpXk99eGiuIfX4mLGGvBvUG7wD6YKHe0ULKaUeHMEUprMgM//M5vPFFpIwVQpP4UpfiH0DveuYMek5VWh0ynn1Oj31hhBxIp06M8CqN2wXthS6AsBYKs+vlj+Mxynmb/AgWgxYkMjTwgzEm8a3F52v8Th3QDDgZTT5sswLRZhi+ktdwG0F5zvQKjC09llRVmJH+ECChW6l00ivcx51vwR64RJ8tANf9/FJ4j1e2vKF+snf7FJoRwpfagbWvias68TQXXd+lyUi8wPDyX9MF81uOUK3PbHFN3nQevEiZvB/CLWepUXWwfgNpuPaw3yefM51tvQ78qte2pS4fi5Hiu92lph8ESdpUaz4GR+809TPWiusjvqeH8m5bx2B7YQ4C1hq4Hf6jj8+ESTQMwsGq47c7AKKpurPbJ/xo+MI9CE7xPgxGKvK1fpowv5eqoPwgCoG9KjZStRwLAOvGomFo73XwOF7OnRBlFmmSEuEQpyx8e+8kRt95QLJvWjC1W9ViHOCbpb5gRV11F1r39nEGm1w+jaIPXM/pgRJjqRVPK6xt4YXaYI/CvLZZp/BRq7X05Cl6ILHC2j9YKhYSQQuuGReNLPKXLstdLULCoam+8C7q3Cp5aCd7Pf2kjBfRoz6WuO2JgLlHTehRY/ccru4vgy+kpGLMkXQCksRrQ5j0FcpMP+qIufzCzs16u5lllIWEjiD9cswkdzxa/eaKHMsBiIa8sfMKrvPB3r+il+ZOsjWGajVJjx1neusD1gVZ9Hp+5Y4EFx51KAADq7cghkHfiCZdetrgUTe2EATcUmnpeeJMEN3+IVcWr4HT5uQdj+YBevGvIAwuLTY042AjI4jVwX82EwfirUDpZ//7y3hIhhG445mqwv/e51nLROwp7CCXs27ozzdolehH30o2zcmKT5bcLPueZpjHcpzUwLsrmkJskrGU3HfFGx7c8R0kpeFw1VdLYnNrbmtE2vDAI2ZWE4fegdMD0oPorqhBxt0H07MQx3rEi0ssuaZvMs0czBORlW+vbCdHmIvGHq+6t13ivKEM8qAddBWO9BwDfNswQ5XPuqx7yCYn/1bGt2FgGFXcAh2ercs+HZ2fz9Z9kds1K5DjT9avrKUeEEyw9oDfnncCn9BIc4SjgaFdx4bBqTwN6YOa8uKK5eXzAJ5HmUr6hSxC+4cbM7cEYhCmoUkRaSB4yw4KNfLxeYBzKX3CMWOxUsGRXYGtuEwBuLuPosKn2mj3QR92mEDlaKx7SdHK5hB94CFBV5M8kp4/RPOTuiiPwdefpiOYc5PJ2nbeSLxEQB2s6zkidUTYFuoC1X1652IYbUM6z4WwOT3tcD2Cpo2Wedst1IKfp1lIY67WDj+ozsLaNJX1A+gnyXiWZfOeK+sbsQH/tDg4bcJLZZR5IAFOWNnZl8FNnEGFDekXftoy4HZDyGzsjW/yaUx02HElvMS2X9rxXZRl7K1oFI5YilMvvu4iTlaMwwLRIurpZo1SOWcCmQIVjYPnzrIiTN/MzgPQBE9F0Nz/QohemVDOMiEl8Yzp+G+cV7ZVik4TjoExcB2F69YpwJ73OFXj5uhnrL0MiB7VrMF5W5gacAE+6S9zbTtfoWmQJgfmp3zgVXefmLZSfv6tuSJM+4x3f07XqP4ROA9S35jU0nMwj4OZIf4sHHlgHgl0iN156mEmtFtrmQcKRQrc795LyMissZy1Z6MHfz8+xG71QUQOHNvTIfqhMDlThBLhi+lVwMAEX0QIdF6ihsUQHsOKKK2hnBsEHs6LnmGF2kic/riEu48F0uQSqBPXYvxIrDoGvGfhJC+vbxzBX6hgwc77ZSXBNCnMy8hFWEOryFsYQnUZVi7Rxi+2iF925r+gV71YKErKVt3jvt1Gyp4kgSv0mnT8bq30Xk9iQoLs4+Grqk8EV88ejuxoN4SRj/TPQRXVI5nvlEfymepfRE8j8glJn+qTHaNTsMjwNALefXvPwvhkO4YyfUqWu5T/f4zTi98ox2RxUQdsLP66k5/VQXW1FaY+a0rredDmNLkh8cUMiyHWsO/x7u9N7EHlFgNiEYR0GgUCD1Qyv3LzkW8CeWGk/eWHE8w2Wq/qVFLVw0NxXvDfImWmk4ZCrvy2qFxkLvsto+IqdlRIwjtc4ovjzwBDxcFzYRkKkGselrbfsOdAPFPqdS3vwGCuwIBeskYrBjxt873vOVv2FtSmbV7e/v29qDAJzDh69xLedB05JEk+DRQ2sfuKhKcC65tG/o8eGLRx4anzOK8gXjxEzUDe5zZQRC5sdJr/QDBaCd+KgZyRdDMknpYzQbcfiksedX8lbYNg/wbSAlq37kJFYzsOX3+yED9FVj5x4gTwyONpV4XXL74jYcw1ojdxl6Pk6jHc5+Zl7fB4ClfgFe92a7BJAvpgxFGMhAQslTYQak1rYMAcNpb2pUfPNavDZswt8CTb8E8ILXPcHPJOXfKiH5vlOkdHGXN8PVQwDpM2G8l7HUSLs78o0R0jXpZ/9TPiFnjkl+8IHYhesuX53mTHa8F+b3aCjrA1t2Y2cwTTWZF0Cs5xnf6ffpsY6JRFYxQCwwmxVjX4cH0mZRFQp4EXuKzDljnFdbvHuSYzN02lTwTDZODS64wMIBz446XmVE5a71DRssgyl7lfDkzzsHsR1j9rFue+0AQwtm/MGOqIj1JDyBJjhSL01C3wlEGLOYfijPBFqVuJnTyMIUBwDu/b5e1B9x4pzMnS2kCLQ9OowuJuVs5+tGGBSV/wU+4kK+zKW3B+Mc0hiRzBY/UzPrphktiIi8qWzuXaW3jW4JVbo3F880f6GpmG5JlFwr0eq15CzV4i/rzvYmFd1DPgLf1Kxqb4xQrW4E4CKIo3FI25JVDIhI19zo0/zvga18qT4x1uT3quGmcCimcfHDowSl52ezH4P8Z/ptcdse8s6Z7eF1O3OG+ceH6tGcXNLIHswRjjiAaWkEHn1vwopkVgsY7t6R0JCXwouh9+S7+F2tJpAoUoQLoE2r9zSI5DJrMwZpRVQXEv6TuyEP41GfU3co15XmKh60F92wl0uaMgmXclAEjmqwB9WNr8tkBdctI27wPRPAmyft580Ft1OpyNfo+xYChvWkcLQWokq61Cs1I3tLpPYb7mD+gtdHht7i90ZXuoKfCKqmGOauj8FZhUZ+1CoR4TSMgNNXzR6/iw7bb07v0c5jwrw08zORrlm6T+Jd1vu+RmsVJhh0UJ6idzfFO/AvQLOCuWsKY6zWHXU4LvFKUapDzAn2WGhgjXqazPQZ0F3LGaZoLYSaVCHhmHk65VHeQAIxPATwmPgyzULtcTmzcu7A3ZXypV2xqTG+wVjsOBuC9uJb/0r7tvMwhhbWV5LhOQa0YcpK7yr3H5iuAWVNrb8huI8J8ALBNwMtLN34i6Q9/SQF1RepIS/SnrDvAWEc+7ony8tPMZl43vCQ2kbNRVyZOZgS4xJVZ4XBcR55FcBe6EXYCWSIRQAU2euiG7iAE1afW7KbyPErIvL4zSE2cK1UdEnVGH6UHjZ/VCgL/RijitcjvnNrBZq+dRC3Q+FC2WHvqarR3mLA4jOi5da7fObhDuHqMAeVLNBMb4134MIOtA8x/y5eCjWyGwvqNzXhgJsut4DsT+vlF3toRFb5u73I39poELismH7VOXJB8fGJO2ZG1bk8Zjhu6mkJzdbEghGZ39k6omD7hA5n4Jsn5QXmofACo/k9pB+THDvibZmDLBB5w6E+WoIthXxB60W8UHEsv5NKQEyl8arprS8cNYZxFCph3rMMTWl4QiWQfw9PTPK0ZUyf398jKzyoINTjnAhRoM4qR8QNQyojIMd9OfSL36zWt0dAkD+IQBisbSaFQw2GxIOZQNxBcXh6z4W/h+EbX5YVJKmLF6VuCfP2NwhVEIJayx5PALpltK91l5Fqdf3kJdvD5GggHRDhjcaDRbC1WK6SvXMDlddTiNcidDOzDE9/woS3SbPngIlN2F3Wtotrd2XiA2uWvVz6qTFyARafwPcS/xg6s5myiTOfVwgvPIdHBVuaShv8FsAwhYvLfE2/ghTp/w406vDs3cajuF/lzBpg+SrVhBP9ZZpjDh7Y44HaGZOX9wtB64fiMubwzgtPWb2gQF13m+X+VpStXcFe2oewV/TwkDtqsMXzh2CZ4Mu+psg5DAc8oqyf3zTDj12xKyrhCodgYenC6QwboQb76104IK7f186s+H8s3dN/pB0xczO4lK02b1NpldOcG1e7LUmFgfOLpvf4rJu+pMX/O7/2TVv11CFX5cPyleP3aZGfCimbZlq5aWHX5IxdBM/OcEFQFRtD4vynYD0N4G/0thlBRNs34RK+cxRnd/SbzH0GoAc015s3E9unnPVriwycq4k/30hHMmz4dyEAbapX19xf3w5Xeg2z9i0N3pnQRwYtJ+NackYw1QEwRPlCQmTl+imGg8/YFCqm8Fr4CLOBsSPB5L+Juhix8fHiISVafcqj/St9qwvfluVLen8oOv1fNQipZuIwWGCI9jE5LUHQbpIO+SJJQbfdfQrHopa6wJC4HOMADLPFIo2/KXb6NmiITj+nXDNGjG7zKIw6k+KhuqZXYDqFaHWK6aghtW50PDg2cFNP81QoV8UYZ1Up2w0kzBHyXNj172UYcEUXIniedMjv2hbv6WPxDnCFPM3GCRUT6jTyHAvS5bs2CNSg6MP+nCYDXqfn9Oq0MtZ/yYlfMEpn8Ha5QjCbBbXPnwQxBVMlyDZNV38+5J80sQxyxwXKFERmh7CJexIURD4HWs40zclj09MJKFSa8jK7NA/Y/ZqW3PFXnoMnAVlV2K8/LXosnsIV9CdjwragraD0AeabafgiX1WhJ7tKvXtUypxbLU1QqaJSTlMYq64BkL4eaGMtTEhqb2ecF/n8FpK1Ptycf/DPtnx/xuCCezwzvxHqdZDNph1ZoHglLRGmCIlE+nWCcG1Tpp8mb4VEsZgs117/rn342tIOBoAT7jh0OtNr0OsYIM4O6PyVk7U/rEjSv42aCMQ79khmwGr06QYKUKVB0PoOlOslW9cdocMOhZZJI5tml0ysfaxReYft/1YlAT6krh2q42aKNQU7mTkNC4hRzhcDBu8OrRUadWpJuJCM4oyfq4ctPqU9Dh6etoP2iH04Uvg5Po3sgt0tvZTqOBbIRFg8Wf272NlJWbPo7ve2/KR0vX1dnBd2fl/vwYmKEmVplaepKx0KFkKiZn6k+OFHQyABp0pnpnFW82use7KpmxfMVMizrV2dgkGaNPWAxpGL9f5o7ZBRaTiYbGBcVoZu+aTFyTCXF9nVtzfKIg1NaPDuntidR8D+IDDBQt+1lbp+T8Q5YFUr3Bpb7IexNBIT10TUTMFgw+EvPoIwvBNUdru9n5ZDMlDDPPD3pIdhZbQGunZkDokQpfsnUHQcbYL7Qj2rcX3R09hIbm+aiayXsbMERi30aL2PHwQxfJKt/OMbyErpUjD2EFABwXvJzj5TWhG0HW2faH1ja+1DfEQSFymGnXZ9xf3YVK25iZIpofDUSlYwM+VIzfX62hj7yuPBT/mnxHQ3VPzJ5ty/MB2RDAHrz/rUPwTifnLKcfo0idfUC9KJPs7mPMHGAVhOP0w9Uz2HlmmIygB1Tlzt3NGzxRcuurYYyMW17V2DuAL+u9u9/fA+9z73/UfyT9EtpExo12cbRtv6MN8aBoqyHEnyK26exV/7hV0N/wMfkhjd5S0OcL6MVBH/b8RhF1II/e0zMyug9hqAu5Ni4HjhCV/k4BwV5LuJezNakaJePLx6EqQub29y13Wq1WSVMunRJ2nNIHCeUSxLJ0g7OIIyKW7321lo5VAnjfvv9CES/7QRUvrCmAjRhTX3PZIAJ5hqNnSpySmBsN50EdB+peKJZKf+I/Kh2JOrlCN9J7zfCKGuiJ9gj8vh30Nd/pjIl5B3qbHrYmAqM4HLlfC8r/Enc9T3oNJKHv8BldGDsKfZuorA4jH1tm4BaJoP/ueA02qegVjKJWk9lIqJ542zJ7vEiyHXxhhfM7IT2ZNzSaOqJGWfP4V+VAXB7PWka9QDDpIqyGMbBx5FX46oMUYFfTblpeMZGBOJR9KxQZ+RRaqpECmDSyBMbmGKnpwVhaRhysACZPTS67zdB9R5PgF2EKI8cTbv9U4PfOwKsU4+DhvGFscbAIZdc7snIoTvUSfRVZlM25ZuTp/xVlGxZApkuX5ot9ni+96Vm2kEbaj8AyWE1loJ3vlir686EWZ6aWG0vSDIOfe2fmpIr8aonuzv5g6rduDag3AzFEdMxxP7vuRKYznz9qTs6Mdvg6xHAwYnWwM4vmE1aIyl845c+V3SKBxvcrRG5hDT386s6dHJJSAwZtFe2wN0fwO4seXv8REngC2WV25sDYOjI9yVmBRovyXD+FqJEazVa2K27rm6Iyc2cBdKcaQps7hQAOFh/cOKiuOZpjmX+RP9+EK13GHeXCPB7JDxA40vUOEl4CBcE3rMRzGug5WpDGFsec6NC6aR56BcXfPHNwfCQJx7EaUnYqHjwcfW3C6ZEZC5AtBiowvziOUNCFpqqCGxxvyRzQfskaynbbxBbVpWknfOfcoiLwigl3/4URFpP+yVMr87yWCSWOcTSqHCSRR28/VJSYgDTNiErde/f+X9+7EU2xgHDLAQ+hj1aapd4t2cwW7TF6/DWmvGQK3BSex8vy/rFfxQUR/w2LRRrpkiuVxu+2Ieh5CcuyR7+jNss3IY34ygQPoC0+d1S/+v+8XkslUT3gLqWpsWI1pIIBYjCCAV6gAwIBF6KCAVUEggFRGgjDUsmUp00oROarjfPYQmyv7TKuOS/pmVgl3l+gXT7+8ToahUPNPxG2HfFoHWvMNoSG8Gmia73WSJr2nAyJ48cH3+olRfyDV+g+/Ck/3yPBNCiC0ViEtQmTD0RuejcZVyacTlaXCMPaQS/VEcXAmwSp04Ar5e3wOw7na3wsP5i1n0s0P85Mf21Zg2TAK32qmw5sQzTbJAx4R9PLyeuZYCieiiP/sP9no4EsDYgDkrzQ0b4soq93zODT52HTXhidKRZ+A1CS4zhtQH5VniTNp+MOwe3IDm2MBVqhClyFlb5rNlSwo2IIiUwT+r6hlqoQwbQwrmu/ePH01GAKxrgMloM7k4Qnp48Alv8vZVXaG9IyotlP4n5Hk73dfrBRsxgdGtkzVZwCtCmJTYEqkh0uzYe++2IYJ4ymI2w4IshmB4ftTmGSf79wi/RxiRmcdnGIMQ==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
DNT: 1
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8,fr;q=0.6
Cookie: _ym_uid=1490111289108394423; _ga=GA1.2.5377519.1489582660
RESPONSE:
HTTP/1.1 413 Request Entity Too Large
Server: nginx/1.10.3
Date: Wed, 03 May 2017 08:09:59 GMT
Content-Length: 0
Connection: keep-alive
Any news on this?
I'll dig into this when I get some time; I may not be able to easily duplicate what you are seeing.