My environment is behind a corporate forward proxy. There is no direct access to the internet.
With the CASC config split over two different yaml files:
- 01_jenkins.yaml
- 02_saml.yaml
where 01_jenkins.yaml contains the proxy config:
    proxy:
      name: "proxy.x.y.z"
      noProxyHost: |-
        localhost
        169.254.169.254
      port: 8080
and 02_saml.yaml containing a saml security realm:
    jenkins:
      securityRealm:
        saml:
          ...
          idpMetadataConfiguration:
            period: 0
            url: "${jenkins.test.saml.idp.metadata.url}"
          ...
Starting Jenkins fails with a "connect timeout" exception because the saml plugin is unable to download the IDP metadata.
The logs (see attached screenshot) show that the proxy is being configured (multiple entries for this), but then subsequently an IOException is thrown since Jenkins cannot download a metadata file required for the saml plugin.
This seems to be some race condition where the proxy config is not yet persisted once the saml plugin tries to grab the IDP metadata.
There is no issue with my config or starting Jenkins if I remove the 02_saml.yaml file and use a local Jenkins user in my security realm. In this case there are no errors in the logs and the proxy gets configured as expected.
If I then add 02_saml.yaml and restart Jenkins so that the JCASC configuration gets reloaded, everything works as expected.
As a workaround, I now inject a file 'proxy.xml' directly in $JENKINS_HOME before starting Jenkins.
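
The workaround above could be scripted as follows. This is an added example, not the reporter's script or Jenkins project code. The function names are hypothetical, and the element names are assumed to match the proxy.xml that Jenkins itself writes when a proxy is saved, so compare against a file produced by your own Jenkins version.

```shell
#!/bin/sh
# Added example: pre-seed $JENKINS_HOME/proxy.xml before Jenkins starts, so
# the proxy is already on disk when the SAML realm fetches IdP metadata.
# Assumes it runs as the user that owns JENKINS_HOME.

# Escape the characters that are special inside XML text nodes.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# write_proxy_xml HOME_DIR PROXY_HOST PROXY_PORT NO_PROXY_HOSTS
# NO_PROXY_HOSTS is newline-separated, like the noProxyHost block scalar.
write_proxy_xml() {
    home=$1 host=$2 port=$3 no_proxy=$4

    # Reject a non-numeric or out-of-range port instead of writing a file
    # that Jenkins would fail to load at startup.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 1; }

    # Write to a temp file in the same directory and rename it, so Jenkins
    # never sees a half-written proxy.xml. mktemp creates the file mode 0600.
    tmp=$(mktemp "$home/proxy.xml.XXXXXX") || return 1
    {
        printf "<?xml version='1.1' encoding='UTF-8'?>\n"
        printf '<proxy>\n'
        printf '  <name>%s</name>\n' "$(xml_escape "$host")"
        printf '  <port>%s</port>\n' "$port"
        printf '  <noProxyHost>%s</noProxyHost>\n' "$(xml_escape "$no_proxy")"
        printf '</proxy>\n'
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$home/proxy.xml"
}

# Usage with the values from 01_jenkins.yaml, run before starting Jenkins:
#   write_proxy_xml "$JENKINS_HOME" "proxy.x.y.z" 8080 "localhost
#   169.254.169.254"
```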