-
Bug
-
Resolution: Unresolved
-
Major
-
None
As describe in this github issue https://github.com/jenkinsci/oic-auth-plugin/issues/343
Expected Results
During a Jenkins build, the BUILD_USER_GROUPS environment variable contains the groups of the user.
Actual Results
The variable is empty and a message is logged WARNING o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: myuser error: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: myUser Show context
Analysis
[...]it throws UserMayOrMayNotExistException2 because at this point it does not, in fact, know for sure whether the user exists or not.
The fault lies in the build-user-vars-plugin for directly calling SecurityRealm.loadUserByUsername2 rather than going through User.getAuthorities, which is what would fall back to LastGrantedAuthoritiesProperty (via ImpersonatingUserDetailsService2).
- is duplicated by
-
-
- Open
-
[JENKINS-73420] [BUILD_USER_GROUPS] not compatible with some authentication realms
| Priority | Original: Minor [ 4 ] | New: Major [ 3 ] |
| Link | New: This issue is duplicated by JENKINS-69685 [ JENKINS-69685 ] |
| Description |
Original:
As describe in this github issue [https://github.com/jenkinsci/oic-auth-plugin/issues/343:]
h2. Expected Results During a Jenkins build, the BUILD_USER_GROUPS environment variable contains the groups of the user. h2. Actual Results The variable is empty and a message is logged WARNING o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: myuser error: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: myUser Show context h2. Analysis [...]it throws UserMayOrMayNotExistException2 because at this point it does not, in fact, know for sure whether the user exists or not. The fault lies in the build-user-vars-plugin for directly calling SecurityRealm.loadUserByUsername2 rather than going through User.getAuthorities, which is what would fall back to LastGrantedAuthoritiesProperty (via ImpersonatingUserDetailsService2). |
New:
As describe in this github issue [https://github.com/jenkinsci/oic-auth-plugin/issues/343|https://github.com/jenkinsci/oic-auth-plugin/issues/343:]
h2. Expected Results During a Jenkins build, the BUILD_USER_GROUPS environment variable contains the groups of the user. h2. Actual Results The variable is empty and a message is logged WARNING o.j.p.b.v.i.UserIdCauseDeterminant#setJenkinsUserBuildVars: Failed to get groups for user: myuser error: hudson.security.UserMayOrMayNotExistException2: Unable to query user information: myUser Show context h2. Analysis [...]it throws UserMayOrMayNotExistException2 because at this point it does not, in fact, know for sure whether the user exists or not. The fault lies in the build-user-vars-plugin for directly calling SecurityRealm.loadUserByUsername2 rather than going through User.getAuthorities, which is what would fall back to LastGrantedAuthoritiesProperty (via ImpersonatingUserDetailsService2). |