
Agent registration fails when Windows Negotiate SSO plugin is active

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Critical
    • negotiate-sso-plugin
    • None

      When I try to register a new agent or even start a pre-registered agent while the Windows Negotiate SSO plugin is active, the agent reports the following error. The agent is configured to use "Launch agent by connecting it to the controller".

      C:\Jenkins2>SET JAVA_HOME=C:\Jenkins\jdk-11.0.9.1+1-jre
      C:\Jenkins2>"C:\Jenkins\jdk-11.0.9.1+1-jre\bin\java.exe" -jar agent.jar -jnlpUrl http://JENKINS-URL:8085/computer/AGENT-NAME/jenkins-agent.jnlp -secret MY_SECRET -workDir "C:\Jenkins2"
      Nov. 03, 2022 9:45:31 VORM. org.jenkinsci.remoting.engine.WorkDirManager initializeWorkDir
      INFO: Using C:\Jenkins2\remoting as a remoting work directory
      Nov. 03, 2022 9:45:31 VORM. org.jenkinsci.remoting.engine.WorkDirManager setupLogging
      INFO: Both error and output logs will be printed to C:\Jenkins2\remoting
      Failed to obtain http://JENKINS-URL.dspace.de:8085/computer/AGENT-NAME/jenkins-agent.jnlp?encrypt=true
      java.io.IOException: Failed to load http://JENKINS-URL.dspace.de:8085/computer/AGENT-NAME/jenkins-agent.jnlp?encrypt=true: 500 Server Error
              at hudson.remoting.Launcher.parseJnlpArguments(Launcher.java:514)
              at hudson.remoting.Launcher.run(Launcher.java:346)
              at hudson.remoting.Launcher.main(Launcher.java:297)

      When I deactivate the plugin, restart the Jenkins server and register/run the agent, it starts up just fine. I can then re-activate the plugin, restart the server and the (still running) agent reconnects. But once I restart the agent with activated plugin, it again fails to start up.

      Anyhow, we must use the SSO plugin since we have a 2-factor authentication, i.e., the standard Jenkins login does not work for us.

      Our longer existing agents that have been registered using "Java Web Start" are still working fine. Unfortunately, this option is no longer available with Java 11.

      PS: Even older Jenkins versions have shown this issue.

      A fix would be highly appreciated!

          [JENKINS-70001] Agent registration fails when Windows Negotiate SSO plugin is active

          Markus created issue -

          Markus added a comment - edited

          This may be relevant as well:

          • The Windows Server system (where the Jenkins server is running) is joined to the Domain
          • The Windows system where the Agent is to be run, is not joined to the domain

          UPDATE: It does not matter whether the Windows system where the agent is run, is joined to the domain or not. Does not work either.


          Bryson Gibbons added a comment -

          Found the reason for this: because of when the request filter occurs in the chain, there is information that is not set in the checks that are performed in built-in methods to see if authentication is required, specifically for the slave-agent/jenkins-agent paths. Instead I need to have a copy of that code and check for that request information in the plugin, and that has not been updated since the change to jenkins-agent.jnlp.
          Bryson Gibbons made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
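
The root cause described in the comment above is a path exemption inside an SSO request filter that still listed only the legacy agent file name. As an added illustration (not code from the negotiate-sso plugin or from Jenkins), the sketch below shows a strictly anchored exemption check that accepts both `slave-agent.jnlp` and `jenkins-agent.jnlp` without widening the set of unauthenticated URLs; the class name, method name and sample URIs are assumptions.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper for illustration; not the negotiate-sso plugin's code.
public class AgentJnlpExemption {
    // Whole-path match: /computer/<one segment>/jenkins-agent.jnlp, plus the
    // legacy slave-agent.jnlp name that older agents still request.
    private static final Pattern AGENT_JNLP =
            Pattern.compile("/computer/([^/]+)/(?:jenkins|slave)-agent\\.jnlp");

    /**
     * requestUri:  request URI as received, without the query string.
     * contextPath: webapp context path, "" when Jenkins is served from "/".
     * Returns true only when the SSO filter may pass the request through.
     */
    static boolean skipsNegotiate(String requestUri, String contextPath) {
        if (requestUri == null || !requestUri.startsWith(contextPath)) {
            return false;
        }
        String path = requestUri.substring(contextPath.length());
        // Refuse forms a later layer might normalise differently. Agent names
        // that need percent-encoding are therefore not exempted in this sketch.
        if (path.contains(";") || path.contains("%") || path.contains("\\")) {
            return false;
        }
        Matcher m = AGENT_JNLP.matcher(path);
        if (!m.matches()) {
            return false;
        }
        String agent = m.group(1);
        return !agent.equals(".") && !agent.equals("..");
    }

    public static void main(String[] args) {
        String[] samples = {                            // constructed request URIs
            "/computer/AGENT-NAME/jenkins-agent.jnlp",  // current file name
            "/computer/AGENT-NAME/slave-agent.jnlp",    // legacy file name
            "/computer/AGENT-NAME/configure",           // ordinary UI page
            "/computer/../jenkins-agent.jnlp",          // dot segment as agent name
            "/computer/A/jenkins-agent.jnlp;x=y",       // path parameter appended
        };
        for (String uri : samples) {
            System.out.printf("%-42s skip SSO: %b%n", uri, skipsNegotiate(uri, ""));
        }
    }
}
```
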

          Markus added a comment -

          Great news, many thanks! Looking forward to testing the fixed plugin


          Bryson Gibbons added a comment -

          And... make sure you only use release 100.v53ffca_9b_116f or newer. One commit I had queued up from January 2021 led to problems when Jenkins starts (I thought I had tested it, but apparently not!), so none of the releases between 1.4 and 100.v53ffca_9b_116f (exclusive) will load in Jenkins properly.

          There are some valuable changes in those releases that I rolled back and need to add back in, but having a functional plugin comes first.

          Markus added a comment -

          Hi Bryson, I just tested the new release and it's working fine. Well done and many thanks

          Bryson Gibbons made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]

            farmgeek4life Bryson Gibbons
            m_beller Markus