-
New Feature
-
Resolution: Unresolved
-
Major
-
Jenkins: 2.249.2
bitbucket-branch-source: 2.9.7
atlassian-bitbucket-server-integration: 2.1.3
Bitbucket Server: 7.8.1
Defined JVM flags:
- javax.net.ssl.keyStore
- javax.net.ssl.keyStorePassword
- javax.net.ssl.keyStoreType: pkcs12
- javax.net.ssl.trustStore
- javax.net.ssl.trustStorePassword
- javax.net.ssl.trustStoreType jksJenkins: 2.249.2 bitbucket-branch-source: 2.9.7 atlassian-bitbucket-server-integration: 2.1.3 Bitbucket Server: 7.8.1 Defined JVM flags: - javax.net.ssl.keyStore - javax.net.ssl.keyStorePassword - javax.net.ssl.keyStoreType: pkcs12 - javax.net.ssl.trustStore - javax.net.ssl.trustStorePassword - javax.net.ssl.trustStoreType jks
Observed
Presently, when compared to bitbucket-branch-source plugin, it seems that the atlassian-bitbucket-server-integration plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.
As a result, we receive only receive the following type error in Jenkins when the connection is rejected:
2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
Without this we are unable to utilize this plugin in environments with such security constraints.
Reproduce
- Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
- Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
- Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
- Remove bitbucket-branch-source plugin
- Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected
Expected
The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.
Workaround
None.
[JENKINS-64952] Enable support for TLS Client Certificate Auth
| Description |
Original:
Observed:
{{Presently, when compared to bitbucket-branch-source, it seems that the atlassian-bitbucket-server-integration may not be utilizing client certificates for authentication when these are installed in the JVM keystore.}} {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request{quote} Without this we are unable to utilize this plugin in environments with such security constraints. To reproduce: # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected Expected: The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None. |
New:
Observed:
Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore. {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request {quote} Without this we are unable to utilize this plugin in environments with such security constraints. To reproduce: # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected Expected: The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None. |
| Description |
Original:
Observed:
Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore. {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request {quote} Without this we are unable to utilize this plugin in environments with such security constraints. To reproduce: # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected Expected: The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None. |
New:
h2. Observed
Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore. {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request {quote} Without this we are unable to utilize this plugin in environments with such security constraints. h2. Reproduce # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected h2. Expected The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None. |
| Description |
Original:
h2. Observed
Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore. {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request {quote} Without this we are unable to utilize this plugin in environments with such security constraints. h2. Reproduce # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected h2. Expected The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None. |
New:
h2. Observed
Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore. {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request {quote} Without this we are unable to utilize this plugin in environments with such security constraints. h2. Reproduce # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected h2. Expected The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. h2. Workaround None. |
| Assignee | Original: Kristy Hughes [ khughes ] |
| Issue Type | Original: Bug [ 1 ] | New: New Feature [ 2 ] |