Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64952

Enable support for TLS Client Certificate Auth

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      Observed

      Presently, when compared to bitbucket-branch-source plugin, it seems that the atlassian-bitbucket-server-integration plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

       

      As a result, we receive only receive the following type error in Jenkins when the connection is rejected:

      2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request

      Without this we are unable to utilize this plugin in environments with such security constraints.

       

      Reproduce

      1. Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
      2. Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
      3. Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
      4. Remove bitbucket-branch-source plugin
      5. Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

       

      Expected

      The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

       

      Workaround

      None. 

        Attachments

          Activity

          Hide
          mhenschke_atlassian Martin Henschke added a comment -

          Hi A, thanks for the report.
          As of right now, the plugin does not have any support for client certs, so I am relabelling this issue as a feature rather than a bug for the purpose of how the work is assigned.
          Thanks,
          Martin

          Show
          mhenschke_atlassian Martin Henschke added a comment - Hi A, thanks for the report. As of right now, the plugin does not have any support for client certs, so I am relabelling this issue as a feature rather than a bug for the purpose of how the work is assigned. Thanks, Martin

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            elepantz A
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: