JENKINS-55654

infinite redirect loop when auth provider is oidc (after update to 2.160)

Details

    • 1.5

    Description

      hey there,

      we just updated to 2.160 today and had to switch back to a version before because:

      • jenkins was ending up in a redirect loop
      • we use the keycloak plugin (keycloak auth backend)
      • also could recreate the same issue with the oidc-auth-plugin (same)
      • we deleted cookies on the local browser (same)
      • we purged user related sessions in keycloak (same)
      • and tested the same in some virgin incognito browser window. (same)
      • when switching back to 2.159 all works as expected and before

      need some more information?

      could someone look into this?

      Attachments

        Activity

          herrmannhinz Tobias Herrmann Hinz created issue -
          herrmannhinz Tobias Herrmann Hinz made changes -
          Field Original Value New Value
          Summary infinite redirect loop when auth provider is oidc infinite redirect loop when auth provider is oidc (after update to 2.160)
          oleg_nenashev Oleg Nenashev made changes -
          Labels OAuth jenkins keycloak oidc OAuth jenkins keycloak oidc regression
          oleg_nenashev Oleg Nenashev added a comment - CC wfollonier danielbeck  
          jdivy Jack Ivy added a comment -

          We use LTS and when I updated to 2.150.2 we started getting an infinite redirect back and forth between Jenkins and login.microsoft.com when using the Azure AD plugin for authentication.  I had to roll back to 2.150.1.

          jarosite aleksey savitskiy added a comment -

          The same here with Bitbucket OAuth plugin. After successful authentication on the Bitbucket site, the system redirects me to the securityRealm/finishLogin URL, which will fail and the loop starts again.
          plugin version 0.8
          jenkins version 2.150.2
          herrmannhinz Tobias Herrmann Hinz made changes -
          Priority Critical [ 2 ] Blocker [ 1 ]
          wfollonier Wadeck Follonier made changes -
          Component/s oic-auth-plugin [ 21661 ]
          Component/s core [ 15593 ]

          wfollonier Wadeck Follonier added a comment -

          herrmannhinz Please could you test with the PR I proposed: https://github.com/jenkinsci/oic-auth-plugin/pull/56 ?

          wfollonier Wadeck Follonier added a comment -

          jdivy Azure AD seems corrected with version 0.3.2 released on Jan 18.

          herrmannhinz Tobias Herrmann Hinz added a comment -

          wfollonier can do. can i pull a build of that PR anywhere? or should i build it on my own?
          wfollonier Wadeck Follonier made changes -
          Attachment step1_tick_to_ci.gif [ 45748 ]
          wfollonier Wadeck Follonier made changes -
          Attachment step2_ci_to_dl.gif [ 45749 ]
          wfollonier Wadeck Follonier added a comment - - edited

          herrmannhinz The CI build provides the built plugin: https://ci.jenkins.io/blue/organizations/jenkins/Plugins%2Foic-auth-plugin/detail/PR-56/1/artifacts

          As a nice thing to know (esp. as it's not really user-friendly IMHO), you can find the link of the CI after clicking on the green tick in GitHub view.

          Bonus explanation in gif:

          herrmannhinz Tobias Herrmann Hinz added a comment -

          i'll give it a try.

          herrmannhinz Tobias Herrmann Hinz added a comment - wfollonier - on it.
          danielbeck Daniel Beck made changes -
          Labels OAuth jenkins keycloak oidc regression OAuth jenkins keycloak oidc regression security-901

          mbischoff Michael Bischoff added a comment -

          the oic-auth-plugin 1.5 with the pull request from wfollonier has been released, addressing this issue.

          see also https://github.com/jenkinsci/oic-auth-plugin/issues/54 and https://github.com/jenkinsci/oic-auth-plugin/pull/56

          wfollonier Wadeck Follonier made changes -
          Assignee Wadeck Follonier [ wfollonier ]
          wfollonier Wadeck Follonier made changes -
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Fixed but Unreleased [ 10203 ]
          wfollonier Wadeck Follonier made changes -
          Released As 1.5
          Status Fixed but Unreleased [ 10203 ] Resolved [ 5 ]

          wfollonier Wadeck Follonier added a comment -

          Thank you mbischoff for the quick review / release!

          herrmannhinz Tobias Herrmann Hinz added a comment - - edited

          a new version of the keycloak plugin has been released as well. it works now. redirect issue has been resolved.

          https://github.com/jenkinsci/keycloak-plugin/releases/tag/keycloak-2.3.0

          People

            wfollonier Wadeck Follonier
            herrmannhinz Tobias Herrmann Hinz
            Votes: 2
            Watchers: 8
