Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44484

Redirect after Kerberos login broken

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Minor
    • Resolution: Fixed
    • kerberos-sso-plugin
    • None
    • Jenkins Enterprise 2.46.2.1-rolling
      kerberos-sso-plugin 1.3
      Jenkins Master: RHEL 6.9
      java version "1.8.0_111"
      Apache reverse proxy with context path /jenkins
      Chrome 58
    • 1.5

    Description

      My Jenkins server lives behind a /jenkins context path and reverse proxy through Apache and when the login request finishes it redirects back to an extra /jenkins when it logs in via Kerberos.  This only started after we enabled the kerberos-sso plugin.

      Chrome Dev tools login request/response:

      1. Request URL:
        https://<host>/jenkins/login?from=%2Fjenkins%2F

      2. Request Method:
        GET

      3. Status Code:
        302 Found

      4. Response Location:
        https://<host>/jenkins/jenkins/

      If I then navigate back to the proper location, I've been successfully logged in.

      Attachments

        Activity

          I worked around this by using the 1.2 version of the kerberos-sso-plugin but I've realized it isn't completely working since it logs me in and redirects to the context root.  This means if Jenkins drops my session when I'm looking at a subfolder, if I refresh the page it redirects that page back to the context root.  I'm guessing that was what was fixed in 1.3 but for some reason it doesn't work with the context path or maybe the reverse proxy.  I am running Jenkins with '--prefix=/jenkins' and maybe just setting a prefix would be sufficient to reproduce the bug.

          peter_nordquist Peter Nordquist added a comment - I worked around this by using the 1.2 version of the kerberos-sso-plugin but I've realized it isn't completely working since it logs me in and redirects to the context root.  This means if Jenkins drops my session when I'm looking at a subfolder, if I refresh the page it redirects that page back to the context root.  I'm guessing that was what was fixed in 1.3 but for some reason it doesn't work with the context path or maybe the reverse proxy.  I am running Jenkins with '--prefix=/jenkins' and maybe just setting a prefix would be sufficient to reproduce the bug.
          damienfinck67 Damien Finck added a comment -

          I have the same issue.

          I use the 1.4 version of the kerberos-sso-plugin on a Tomcat with a URL like "http://my-virtual-machine/jenkins/". Every new session, I am redirect to "http://my-virtual-machine/jenkins/jenkins/".

          I think that the bug is in the KerberosSSOFilter.java file, function getRedirectTarget(). This function works well with a Jenkins on a full qualified domain name, but not if it is a context path.

          damienfinck67 Damien Finck added a comment - I have the same issue. I use the 1.4 version of the kerberos-sso-plugin on a Tomcat with a URL like "http://my-virtual-machine/jenkins/". Every new session, I am redirect to "http://my-virtual-machine/jenkins/jenkins/". I think that the bug is in the KerberosSSOFilter.java file, function getRedirectTarget(). This function works well with a Jenkins on a full qualified domain name, but not if it is a context path.

          Fixed in https://github.com/jenkinsci/kerberos-sso-plugin/pull/10.  This fix was released in 1.5.

          peter_nordquist Peter Nordquist added a comment - Fixed in https://github.com/jenkinsci/kerberos-sso-plugin/pull/10 .  This fix was released in 1.5.

          People

            peter_nordquist Peter Nordquist
            peter_nordquist Peter Nordquist
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: