JENKINS-55654

infinite redirect loop when auth provider is oidc (after update to 2.160)

    Details

    • Released As:
      1.5

      Description

      hey there,

      we just updated to 2.160 today and had to switch back to a version before because:

      • jenkins was ending up in a redirect loop
      • we use the keycloak plugin (keycloak auth backend)
      • also could recreate the same issue with the oidc-auth-plugin (same)
      • we deleted cookies on the local browser (same)
      • we purged user related sessions in keycloak (same)
      • and tested the same in some virgin incognito browser window. (same)
      • when switching back to 2.159 all works as expected and before

      need some more information?

      could someone look into this?

          Activity

          herrmannhinz Tobias Herrmann Hinz created issue -
          herrmannhinz Tobias Herrmann Hinz made changes -
          Field Original Value New Value
          Summary infinite redirect loop when auth provider is oidc infinite redirect loop when auth provider is oidc (after update to 2.160)
          oleg_nenashev Oleg Nenashev made changes -
          Labels OAuth jenkins keycloak oidc OAuth jenkins keycloak oidc regression
          oleg_nenashev Oleg Nenashev added a comment -

          CC Wadeck Follonier Daniel Beck
          jdivy Jack Ivy added a comment -

          We use LTS and when I updated to 2.150.2 we started getting an infinite redirect back and forth between Jenkins and login.microsoft.com when using the Azure AD plugin for authentication.  I had to roll back to 2.150.1.

          jarosite aleksey savitskiy added a comment -

          The same here with Bitbucket OAuth plugin. After successful authentication on the bitbucket site, the system redirects me to the securityRealm/finishLogin url, which will fail and the loop starts again.
          plugin version 0.8
          jenkins version 2.150.2

          herrmannhinz Tobias Herrmann Hinz made changes -
          Priority Critical [ 2 ] Blocker [ 1 ]
          wfollonier Wadeck Follonier made changes -
          Component/s oic-auth-plugin [ 21661 ]
          Component/s core [ 15593 ]
          wfollonier Wadeck Follonier added a comment -

          Tobias Herrmann Hinz Please could you test with the PR I proposed: https://github.com/jenkinsci/oic-auth-plugin/pull/56 ?

          wfollonier Wadeck Follonier added a comment -

          Jack Ivy Azure AD seems corrected with version 0.3.2 released on Jan 18.

          herrmannhinz Tobias Herrmann Hinz added a comment -

          Wadeck Follonier can do. can i pull a build of that PR anywhere? or should i build it on my own?

          wfollonier Wadeck Follonier made changes -
          Attachment step1_tick_to_ci.gif [ 45748 ]
          wfollonier Wadeck Follonier made changes -
          Attachment step2_ci_to_dl.gif [ 45749 ]
          wfollonier Wadeck Follonier added a comment - - edited

          Tobias Herrmann Hinz The CI build provides the built plugin: https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Foic-auth-plugin/detail/PR-56/1/artifacts

          As a nice thing to know (esp. as it's not really user-friendly IMHO), you can find the link of the CI after clicking on the green tick in GitHub view.

          Bonus explanation in gif:

          herrmannhinz Tobias Herrmann Hinz added a comment -

          i'll give it a try.

          herrmannhinz Tobias Herrmann Hinz added a comment -

          Wadeck Follonier - on it.
          danielbeck Daniel Beck made changes -
          Labels OAuth jenkins keycloak oidc regression OAuth jenkins keycloak oidc regression security-901
          mbischoff Michael Bischoff added a comment -

          the oic-auth-plugin 1.5 with the pull request from Wadeck Follonier has been released, addressing this issue.

          see also https://github.com/jenkinsci/oic-auth-plugin/issues/54 and https://github.com/jenkinsci/oic-auth-plugin/pull/56
          wfollonier Wadeck Follonier made changes -
          Assignee Wadeck Follonier [ wfollonier ]
          wfollonier Wadeck Follonier made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
          wfollonier Wadeck Follonier made changes -
          Released As 1.5
          Status Fixed but Unreleased [ 10203 ] Resolved [ 5 ]
          wfollonier Wadeck Follonier added a comment -

          Thank you Michael Bischoff for the quick review / release!

          herrmannhinz Tobias Herrmann Hinz added a comment - - edited

          a new version of the keycloak plugin has been released as well. it works now. redirect issue has been resolved.

          https://github.com/jenkinsci/keycloak-plugin/releases/tag/keycloak-2.3.0


            People

            Assignee:
            wfollonier Wadeck Follonier
            Reporter:
            herrmannhinz Tobias Herrmann Hinz
            Votes:
            2
            Watchers:
            8