Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69685

Constant failed to get groups for user warnings

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • build-user-vars-plugin
    • None
    • Official jenkins/jenkins:2.361.1-lts Docker image
      build user vars Version 1.9

      Jenkins keeps throwing warning logs when Build User vars are enabled globally:

      jenkins_1  | 2022-09-23 10:22:28.942+0000 [id=4066]     WARNING o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: exampleuser@example.com error: hudson.security.UserMayOrMayNotExistException2: Unable
to query user information: exampleuser@example.com

      For what it's worth we don't have groups enabled at all so that's why I think it's throwing this warning when any job is started.

          [JENKINS-69685] Constant failed to get groups for user warnings

          Petar created issue -

          Andrii Hava added a comment - - edited

          Have similar problem. The log filled with warnings, which make logs useless and hard to read.

          WARNING    o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: user.name@domain.com error: hudson.security.UserMayOrMayNotExistException: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: user.name@domain.com; nested exception is hudson.security.UserMayOrMayNotExistException2: Unable to query user information: user.name@domain.com

          We use Google SSO with email and don't have any groups.
          Plugin v1.8
          Jenkins 2.332.3

          Andrii Hava added a comment - - edited Have similar problem. The log filled with warnings, which make logs useless and hard to read. WARNING    o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: user.name@domain.com error: hudson.security.UserMayOrMayNotExistException: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: user.name@domain.com; nested exception is hudson.security.UserMayOrMayNotExistException2: Unable to query user information: user.name@domain.com We use Google SSO with email and don't have any groups. Plugin v1.8 Jenkins 2.332.3
          Fábio Silva made changes -
          Priority Original: Minor [ 4 ] New: Major [ 3 ]
          Fábio Silva made changes -
          Link New: This issue duplicates JENKINS-73420 [ JENKINS-73420 ]
          Gopal made changes -
          Component/s New: core [ 15593 ]

          Gopal added a comment -

          We are facing similar problem with lot of WARNING in our logs 

          2024-12-09 11:44:51.323+0000 [id=359758] WARNING o.j.p.b.v.i.UserIdCauseDeterminant#getUserGroups: Failed to get groups for user: user@domain.com error: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: user@domain.com

           

          On digging further its seems to be an issue exactly when the below code is run

           

          import hudson.security.SecurityRealm;
import org.springframework.security.core.GrantedAuthority;
SecurityRealm realm = Jenkins.get().getSecurityRealm()
Collection<? extends GrantedAuthority> authorities = realm.loadUserByUsername2(userId).getAuthorities();

           

           

          We have two jenkins instances, one with securityRealm as SAML 2.0, and another with OIDC, and this warning happens only for the one with OIDC configured. Note we use Okta for SSO.

          Jenkins version: 2.479.1

          BuildVarsPlugin Version: 182.v378b_9f14b_487

          OIDC configuration: 
      oic:
        allowTokenAccessWithoutOicSession: true
        clientId: <HIDDEN>
        clientSecret: <HIDDEN>
        disableSslVerification: false
        emailFieldName: "email"
        escapeHatchSecret: “HIDDEN”
        groupsFieldName: "groups"
        logoutFromOpenidProvider: false
        pkceEnabled: true
        sendScopesInTokenRequest: true
        userNameField: "email"
        serverConfiguration:
          wellKnown:
            wellKnownOpenIDConfigurationUrl: "https://<company-sso-domain>/.well-known/openid-configuration"

           

          Gopal added a comment - We are facing similar problem with lot of WARNING in our logs  2024-12-09 11:44:51.323+0000 [id=359758] WARNING o.j.p.b.v.i.UserIdCauseDeterminant#getUserGroups: Failed to get groups for user: user@domain.com error: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: user@domain.com   On digging further its seems to be an issue exactly when the below code is run   import hudson.security.SecurityRealm; import org.springframework.security.core.GrantedAuthority; SecurityRealm realm = Jenkins.get().getSecurityRealm() Collection<? extends GrantedAuthority> authorities = realm.loadUserByUsername2(userId).getAuthorities();     We have two jenkins instances, one with securityRealm as SAML 2.0, and another with OIDC, and this warning happens only for the one with OIDC configured. Note we use Okta for SSO. Jenkins version: 2.479.1 BuildVarsPlugin Version: 182.v378b_9f14b_487 OIDC configuration:        oic:         allowTokenAccessWithoutOicSession: true         clientId: <HIDDEN>         clientSecret: <HIDDEN>         disableSslVerification: false         emailFieldName: "email"         escapeHatchSecret: “HIDDEN”         groupsFieldName: "groups"         logoutFromOpenidProvider: false         pkceEnabled: true         sendScopesInTokenRequest: true         userNameField: "email"         serverConfiguration:           wellKnown:             wellKnownOpenIDConfigurationUrl: "https: //<company-sso-domain>/.well-known/openid-configuration"  
          Mark Waite made changes -
          Component/s Original: core [ 15593 ]

            zedasvacas Fábio Silva
            pbrzica Petar
            Votes:
            2 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: