Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25144

Basic Authentication in combination with Session is broken

    Details

    • Similar Issues:

      Description

      BasicAuthentication in combination with a sessionId is broken - after the first login following page refreshs fail with bad credentials.

      Here my analysis (I commented this on the corresponding commit on github as well):
      The BasicHeaderProcessor expects a not null Authentication Object

      From BasicHeaderProcessor:

      Authentication auth = a.authenticate(req, rsp, username, password);
      if (auth!=null) {
      LOGGER.log(FINE, "Request authenticated as

      {0}

      by

      {1}

      ", new Object[]

      {auth,a}

      );
      success(req, rsp, chain, auth);
      return;
      }
      From BasicHeaderRealPasswordAuthenticator:

      if (!authenticationIsRequired(username))
      return null;
      It seems that you need to return the existing authentication Object from BasicHeaderRealPasswordAuthenticator and not null if the current authentication is already valid...?

      Anyway since we are running jenkins through a proxy with basicAuth the current version is completely broken for us...

      Corresponding Github commit: https://github.com/jenkinsci/jenkins/commit/b2a98f6bc6924d1fd25f7da583888c2f4f36d83c

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                oleg_nenashev Oleg Nenashev
                Reporter:
                cschoell Christof Schoell
              • Votes:
                8 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: