[JENKINS-64952] Enable support for TLS Client Certificate Auth - Jenkins Jira

A created issue - 2021-02-25 04:50

A made changes - 2021-02-25 04:52

Field	Original Value	New Value
Description	Observed: {{Presently, when compared to bitbucket-branch-source, it seems that the atlassian-bitbucket-server-integration may not be utilizing client certificates for authentication when these are installed in the JVM keystore.}} {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request{quote} Without this we are unable to utilize this plugin in environments with such security constraints. To reproduce: # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected Expected: The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None.	Observed: Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore. {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}} {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request {quote} Without this we are unable to utilize this plugin in environments with such security constraints. To reproduce: # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore) # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds # Remove bitbucket-branch-source plugin # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected Expected: The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. Workaround: None.

A made changes - 2021-02-25 04:54

Description

Observed:

Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

{{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
{quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
{quote}
Without this we are unable to utilize this plugin in environments with such security constraints.

To reproduce:
# Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
# Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
# Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
# Remove bitbucket-branch-source plugin
# Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

Expected:

The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.

Workaround:

None.

h2. Observed

Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

{{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
{quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
{quote}
Without this we are unable to utilize this plugin in environments with such security constraints.

h2. Reproduce
# Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
# Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
# Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
# Remove bitbucket-branch-source plugin
# Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

h2. Expected

The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.

Workaround:

None.

A made changes - 2021-02-25 04:54

Description

h2. Observed

Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

{{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
{quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
{quote}
Without this we are unable to utilize this plugin in environments with such security constraints.

h2. Reproduce
# Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
# Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
# Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
# Remove bitbucket-branch-source plugin
# Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

h2. Expected

The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.

Workaround:

None.

h2. Observed

Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

{{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
{quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
{quote}
Without this we are unable to utilize this plugin in environments with such security constraints.

h2. Reproduce
# Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
# Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
# Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
# Remove bitbucket-branch-source plugin
# Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

h2. Expected

The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality.

h2. Workaround

None.

Martin Henschke made changes - 2021-03-15 02:42

Assignee

Kristy Hughes [ khughes ]

Martin Henschke made changes - 2021-04-26 00:10

Issue Type

Bug [ 1 ]

New Feature [ 2 ]

Jenkins

Enable support for TLS Client Certificate Auth

Details

Description

Observed

Reproduce

Expected

Workaround

Attachments

Activity

People

Dates