Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-24958

UsernameNotFoundException when ActiveDirectory used for API and token authentication

    Details

    • Similar Issues:

      Description

      When a valid username and api-token are used from the Jenkins Python API, the Jenkins server (version 1.582) returns an exception (see stack trace below).

      Note: When active-directory is not used, the Jenkins API authentication works (tested on Jenkins 1.554.2).

      ----- exception stack trace
      javax.servlet.ServletException: org.acegisecurity.userdetails.UsernameNotFoundException: Authentication was successful but cannot locate the user information for ci_dev_test
      at jenkins.security.BasicHeaderApiTokenAuthenticator.authenticate(BasicHeaderApiTokenAuthenticator.java:36)
      at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:72)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
      at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
      at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
      at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
      at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:46)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
      at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
      at org.eclipse.jetty.server.Server.handle(Server.java:370)
      at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
      at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
      at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
      at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
      at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
      at java.lang.Thread.run(Thread.java:745)
      Caused by: org.acegisecurity.userdetails.UsernameNotFoundException: Authentication was successful but cannot locate the user information for ci_dev_test
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:273)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:196)
      at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:140)
      at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:30)
      at jenkins.security.ImpersonatingUserDetailsService.loadUserByUsername(ImpersonatingUserDetailsService.java:32)
      at hudson.model.User.impersonate(User.java:282)
      at jenkins.security.BasicHeaderApiTokenAuthenticator.authenticate(BasicHeaderApiTokenAuthenticator.java:31)
      ... 35 more

      Help us localize this page
      Page generated: 1-Oct-2014 5:11:08 PMREST APIJenkins ver. 1.582

        Attachments

          Activity

          Hide
          laurin1 Keith Davis added a comment -

          To clarify, Active Directory Plugin. It has options in the security preferences.

          Default settings (Domain Name & Domain controller are blank, Remove irrelevant groups is unchecked)

          Not sure what you mean. Just go to http://whateveryourjenkinshostnameis/whoAmI when logged in.

          Do you want all of this data (it's a lot)? The information is correct.

          https://wiki.jenkins-ci.org/display/JENKINS/Logging

          I did that, ran the test, the log is not capturing anything.

          Show
          laurin1 Keith Davis added a comment - To clarify, Active Directory Plugin. It has options in the security preferences. Default settings (Domain Name & Domain controller are blank, Remove irrelevant groups is unchecked) Not sure what you mean. Just go to http://whateveryourjenkinshostnameis/whoAmI when logged in. Do you want all of this data (it's a lot)? The information is correct. https://wiki.jenkins-ci.org/display/JENKINS/Logging I did that, ran the test, the log is not capturing anything.
          Hide
          laurin1 Keith Davis added a comment -

          Even changed the logging level to ALL, still nothing.

          Show
          laurin1 Keith Davis added a comment - Even changed the logging level to ALL, still nothing.
          Hide
          laurin1 Keith Davis added a comment -

          In fact, I just logged out and back in using the UI and that log still shows nothing. I also tried adding these 2 loggers, still nothing:

          hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider
          hudson.plugins.active_directory.ActiveDirectoryUserDetail

          Show
          laurin1 Keith Davis added a comment - In fact, I just logged out and back in using the UI and that log still shows nothing. I also tried adding these 2 loggers, still nothing: hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider hudson.plugins.active_directory.ActiveDirectoryUserDetail
          Hide
          kyounger Kenneth Younger added a comment -

          We're seeming to hit this same issue. We use AD for all user access into Jenkins, and only add AD Groups in the global security config.

           

          Keith Davis did you end up figuring this out?

          Show
          kyounger Kenneth Younger added a comment - We're seeming to hit this same issue. We use AD for all user access into Jenkins, and only add AD Groups in the global security config.   Keith Davis did you end up figuring this out?
          Hide
          laurin1 Keith Davis added a comment -

          No. We switched to running a PHP script and uses the cURL extension.

          Show
          laurin1 Keith Davis added a comment - No. We switched to running a PHP script and uses the cURL extension.

            People

            • Assignee:
              Unassigned
              Reporter:
              mbells Matthew Bells
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated: