JENKINS-55698

SSO + CSRF causes 403 errors

Details

    • 1.5

    Description

      We are running Jenkins behind an Apache proxy.

      Since the latest update, the Kerberos SSO plugin will cause issues related to the CSRF security policy that is enabled by default.

      If we only disable the Kerberos SSO, and log in manually using LDAP credentials, everything works as expected.

      If we only disable the CSRF Protection, and log in using SSO, everything works as expected (besides a remote API call that requires CSRF to be enabled).

      But when both CSRF and SSO are enabled, the automatic login works perfectly.

      But the moment you try to do a form submit, like starting a job, we will get a 403 - Forbidden error.

      This has been working perfectly for a few years. So a recent update broke this.

      Perhaps the SSO plugin needs an update, related to another recent change in how CSRF is handled?

          Activity

            kndx Koen Dierckx created issue -
            olivergondza Oliver Gondža made changes -
            Field | Original Value | New Value
            Assignee | Tomas Westling [ t_westling ] | Peter Nordquist [ peter_nordquist ]
            olivergondza Oliver Gondža made changes -
            Resolution | | Fixed [ 1 ]
            Status | Open [ 1 ] | Resolved [ 5 ]
            olivergondza Oliver Gondža made changes -
            Released As | | 1.5
            christianciach Christian Ciach made changes -
            Link This issue is blocked by JENKINS-55974 [ JENKINS-55974 ]
            christianciach Christian Ciach made changes -
            Link This issue is duplicated by JENKINS-55974 [ JENKINS-55974 ]
            christianciach Christian Ciach made changes -
            Link This issue is blocked by JENKINS-55974 [ JENKINS-55974 ]

            People

              peter_nordquist Peter Nordquist
              kndx Koen Dierckx
              Votes: 0
              Watchers: 4