Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-9258

"Remember me" doesn't work with Active Directory plugin

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • None
    • Debian Squeeze on Linux qa01 2.6.26-2-vserver-amd64 #1 SMP Tue Jan 25 06:09:17 UTC 2011 x86_64 GNU/Linux
      Mac OS X 10.7.3 x86_64
      FC13, Tomcat 6, Jenkins 1.480.2

      When clicking the "Remember me on this computer" during login, after some time the user is logged out.

      I'm using Active Directory as Security Realm.

      Example protocol:

      I logged in at 09:19 and checked the "Remember me on this computer" checkbox.

      At 10:10 I freshly opened the jenkins front page again and I was logged it.

      At 11:38 again, and I found myself logged out.

      All tests were conducted with Firefox 4, accepting cookies and such.

      This is reproducible on an installation via Debian package. At the time of writing the version number is 1.405

          [JENKINS-9258] "Remember me" doesn't work with Active Directory plugin

          Alexander Artemov added a comment - - edited

          Still reproduceble

          Alexander Artemov added a comment - - edited Still reproduceble

          Waldek M added a comment -

          Yes, it still is. And recently, when accessing e.g. job site, users aren't even redirected to login page - they just get an error message.

          Waldek M added a comment - Yes, it still is. And recently, when accessing e.g. job site, users aren't even redirected to login page - they just get an error message.

          Discovering my own comment in JENKINS-11643 that this is disabled in Active Directory plugin when Jenkins cannot load details of users by name. That is, either it needs to be running on Windows (where Jenkins can obtain information about other users through ADSI that uses the host computer's credential) or bind DN/password would have to be provided, where Jenkins can obtain information about other users by using this credential.

          So the cause is at least known.

          Kohsuke Kawaguchi added a comment - Discovering my own comment in JENKINS-11643 that this is disabled in Active Directory plugin when Jenkins cannot load details of users by name. That is, either it needs to be running on Windows (where Jenkins can obtain information about other users through ADSI that uses the host computer's credential) or bind DN/password would have to be provided, where Jenkins can obtain information about other users by using this credential. So the cause is at least known.

          m_broida added a comment - - edited

          What about setups where we do NOT use AD at all?
          We don't even have the ActiveDirectory plugin.

          We validate logins via a local script.
          Yet Jenkins still logs me out several times/day.
          Jenkins 1.542 on Windows.

          m_broida added a comment - - edited What about setups where we do NOT use AD at all? We don't even have the ActiveDirectory plugin. We validate logins via a local script. Yet Jenkins still logs me out several times/day. Jenkins 1.542 on Windows.

          Code changed in jenkins
          User: Kohsuke Kawaguchi
          Path:
          src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java
          http://jenkins-ci.org/commit/active-directory-plugin/4f65a3f926aa857e94ea18b687c806eaabaff270
          Log:
          [JENKINS-11643 JENKINS-9258]

          Revisiting the defensive check needed for JENKINS-11643 in light of making remember me service works (JENKINS-9258)

          I've made changes in the core so that the TokenBasedRememberMeService2.autoLogin consults
          the LastGrantedAuthoritiesProperty of the User object in Jenkins 1.556. So when used with
          newer version of Jenkins, I can making remember me work with AD.

          This fix makes AD plugin behave gracefully with earlier versions, while still allowing me
          to leverage new additions in 1.556.

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Kohsuke Kawaguchi Path: src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java http://jenkins-ci.org/commit/active-directory-plugin/4f65a3f926aa857e94ea18b687c806eaabaff270 Log: [JENKINS-11643 JENKINS-9258] Revisiting the defensive check needed for JENKINS-11643 in light of making remember me service works ( JENKINS-9258 ) I've made changes in the core so that the TokenBasedRememberMeService2.autoLogin consults the LastGrantedAuthoritiesProperty of the User object in Jenkins 1.556. So when used with newer version of Jenkins, I can making remember me work with AD. This fix makes AD plugin behave gracefully with earlier versions, while still allowing me to leverage new additions in 1.556.

          Changing the title to make sure people don't conflate this with other remember me problems.

          Kohsuke Kawaguchi added a comment - Changing the title to make sure people don't conflate this with other remember me problems.

          Implemented this in Active Directory plugin 1.35 in conjunction with core changes scheduled for 1.556.

          A work around in the mean time is to make sure you have bind DN and password.

          Kohsuke Kawaguchi added a comment - Implemented this in Active Directory plugin 1.35 in conjunction with core changes scheduled for 1.556. A work around in the mean time is to make sure you have bind DN and password.

          aflat added a comment -

          That workaround doesn't work if your master is on a windows 2008 machine, since you can't enter a bind DN/password, since those fields are hidden.

          aflat added a comment - That workaround doesn't work if your master is on a windows 2008 machine, since you can't enter a bind DN/password, since those fields are hidden.

          m_broida added a comment -

          The workaround also won't work if you're not using AD.
          We don't use AD, we use a local script for login.
          Yet Jenkins keeps logging me out, several times each day.
          Why?

          m_broida added a comment - The workaround also won't work if you're not using AD. We don't use AD, we use a local script for login. Yet Jenkins keeps logging me out, several times each day. Why?

          Hari Dara added a comment -

          @Kohsuke We have Jenkins 1.577 installation with AD and have this issue, but I see that your fix went into 1.556 itself. Could I be seeing a corner case?

          Hari Dara added a comment - @Kohsuke We have Jenkins 1.577 installation with AD and have this issue, but I see that your fix went into 1.556 itself. Could I be seeing a corner case?

            kohsuke Kohsuke Kawaguchi
            mfn mfn
            Votes:
            75 Vote for this issue
            Watchers:
            76 Start watching this issue

              Created:
              Updated:
              Resolved: