Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-64952

Enable support for TLS Client Certificate Auth

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      Observed

      Presently, when compared to bitbucket-branch-source plugin, it seems that the atlassian-bitbucket-server-integration plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

       

      As a result, we receive only receive the following type error in Jenkins when the connection is rejected:

      2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request

      Without this we are unable to utilize this plugin in environments with such security constraints.

       

      Reproduce

      1. Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
      2. Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
      3. Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
      4. Remove bitbucket-branch-source plugin
      5. Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

       

      Expected

      The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

       

      Workaround

      None. 

        Attachments

          Activity

          elepantz A created issue -
          elepantz A made changes -
          Field Original Value New Value
          Description Observed:

          {{Presently, when compared to bitbucket-branch-source, it seems that the atlassian-bitbucket-server-integration may not be utilizing client certificates for authentication when these are installed in the JVM keystore.}}

           

          {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
          {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request{quote}
          Without this we are unable to utilize this plugin in environments with such security constraints.

           

          To reproduce:
           # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
           # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
           # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
           # Remove bitbucket-branch-source plugin
           # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

           

          Expected:

          The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

           

          Workaround:

          None. 
          Observed:

          Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

           

          {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
          {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
          {quote}
          Without this we are unable to utilize this plugin in environments with such security constraints.

           

          To reproduce:
           # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
           # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
           # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
           # Remove bitbucket-branch-source plugin
           # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

           

          Expected:

          The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

           

          Workaround:

          None. 
          elepantz A made changes -
          Description Observed:

          Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

           

          {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
          {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
          {quote}
          Without this we are unable to utilize this plugin in environments with such security constraints.

           

          To reproduce:
           # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
           # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
           # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
           # Remove bitbucket-branch-source plugin
           # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

           

          Expected:

          The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

           

          Workaround:

          None. 
          h2. Observed

          Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

           

          {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
          {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
          {quote}
          Without this we are unable to utilize this plugin in environments with such security constraints.

           
          h2. Reproduce
           # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
           # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
           # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
           # Remove bitbucket-branch-source plugin
           # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

           
          h2. Expected

          The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

           

          Workaround:

          None. 
          elepantz A made changes -
          Description h2. Observed

          Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

           

          {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
          {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
          {quote}
          Without this we are unable to utilize this plugin in environments with such security constraints.

           
          h2. Reproduce
           # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
           # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
           # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
           # Remove bitbucket-branch-source plugin
           # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

           
          h2. Expected

          The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

           

          Workaround:

          None. 
          h2. Observed

          Presently, when compared to {{bitbucket-branch-source plugin}}, it seems that the {{atlassian-bitbucket-server-integration}} plugin may not be utilizing client certificates for authentication when these are installed in the JVM keystore.

           

          {{As a result, we receive only receive the following type error in Jenkins when the connection is rejected:}}
          {quote}2021-02-24 00:26:55.340+0000 [id=1880] INFO c.a.b.j.i.h.HttpRequestExecutorImpl#handleError: Bitbucket - did not accept the request
          {quote}
          Without this we are unable to utilize this plugin in environments with such security constraints.

           
          h2. Reproduce
           # Deploy Bitbucket Server with requirement of client certificate auth for HTTP access
           # Configure jenkins with client certs and configure the JVM with appropriate flags (e.g. javax.net.ssl.keyStore)
           # Install bitbucket-branch-source plugin and confirm communication with Bitbucket succeeds
           # Remove bitbucket-branch-source plugin
           # Install atlassian-server-integration plugin and confirm that connections to Bitbucket are rejected

           
          h2. Expected

          The plugin should utilize the configured client cert when communicating with Bitbucket OR the plugin should provide a way for the user to configure this functionality. 

           
          h2. Workaround

          None. 
          mhenschke_atlassian Martin Henschke made changes -
          Assignee Kristy Hughes [ khughes ]
          mhenschke_atlassian Martin Henschke made changes -
          Issue Type Bug [ 1 ] New Feature [ 2 ]

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            elepantz A
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated: