
MF Application Automation Tools plugin: violation of RFC7230


      The plugin is unable to authenticate against ALM during the "Execute tests using ALM Lab Management" step if the ALM server is behind haproxy v2.0 or above.

      The root cause is that the plugin expects case-sensitive HTTP header names, which violates RFC7230:
      https://tools.ietf.org/html/rfc7230#section-3.2

      Each header field consists of a case-insensitive field name followed
      by a colon (":"), optional leading whitespace, the field value, and
      optional trailing whitespace.

      And as we see in the code, there are many places that violate this:

      For Set-Cookie header:

      For WWW-Authenticate header:

      Maybe there are other places and headers as well.

      We've faced the issue because newer versions of haproxy (2.0+) now use the new HTTP processing mechanism (h2) internally by default, and because of this all HTTP header names are now lowercased by default. So haproxy outputs "www-authenticate" instead of the original "WWW-Authenticate", which is perfectly compliant with the RFC, but not with the plugin.
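The following is an added example, not code from the plugin: a minimal HTTP/1.1 response header parser with a case-sensitive lookup that reproduces the failure and an RFC7230-compliant case-insensitive lookup beside it. The two responses are constructed; the second mimics what haproxy 2.0+ emits (same fields, names lowercased).

```python
# Constructed sample responses (not captured from a real ALM server).
# DIRECT is what the origin sends; VIA_HAPROXY is the same response after
# haproxy 2.0+ has lowercased every field name, which RFC 7230 s.3.2 permits.
DIRECT = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="alm"\r\n'
    "Set-Cookie: session=abc; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
VIA_HAPROXY = (
    DIRECT.replace("WWW-Authenticate", "www-authenticate")
    .replace("Set-Cookie", "set-cookie")
    .replace("Content-Length", "content-length")
)


def parse_headers(raw):
    """Return (name, value) pairs in order, keeping repeats such as Set-Cookie.

    Per RFC 7230 s.3.2 the value may carry optional leading/trailing
    whitespace (stripped here); s.3.2.4 forbids whitespace between the
    field name and the colon, so such lines are rejected.
    """
    head, _, _ = raw.partition("\r\n\r\n")
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name != name.strip() or not name:
            raise ValueError("malformed header line: %r" % line)
        pairs.append((name, value.strip()))
    return pairs


def get_case_sensitive(raw, name):
    """Exact-match lookup: the behaviour the plugin currently relies on."""
    return [v for n, v in parse_headers(raw) if n == name]


def get_rfc7230(raw, name):
    """Case-insensitive lookup, as RFC 7230 s.3.2 requires of every client."""
    want = name.casefold()
    return [v for n, v in parse_headers(raw) if n.casefold() == want]


if __name__ == "__main__":
    for label, resp in (("direct", DIRECT), ("via haproxy", VIA_HAPROXY)):
        print(label, "exact:", get_case_sensitive(resp, "WWW-Authenticate"),
              "rfc7230:", get_rfc7230(resp, "WWW-Authenticate"))
```

Run directly, the exact-match lookup finds the challenge only in the direct response, while the RFC7230 lookup finds it in both; the same holds for Set-Cookie.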

      Workaround

      There is a haproxy config option to override this behavior for some headers: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#3.1-h1-case-adjust. You should use 2 haproxy configuration options in conjunction: "h1-case-adjust" and "option h1-case-adjust-bogus-client".

      We used it and I can prove that this is a valid workaround.

            roy_lu Roy Lu
            fff Fedor Radzievskiy