JENKINS-35418

Unauthorized user gets HTTP 500 when member of many groups


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Component/s: winstone-jetty
    • Labels:
      None
    • Environment:
      Jenkins 1.656 run directly (no container) on CentOS 7.2
      Description

      Users who are successfully authenticated but not authorized get an HTTP 500 error instead of the expected HTTP 403 "access denied" page.

      The log shows the following error:

      header full: java.lang.RuntimeException: Header>6144
      

      Our understanding: when a user is authenticated (via the SAML plugin in our environment) but not authorized, Jenkins generates an HTTP response header X-You-Are-In-Group for every group the user is a member of. For users who are members of a large number of groups, this exceeds the total header size allowed by Jetty and causes an HTTP 500 error.

      To allow users to see the expected "access denied" page, I suppose there should be some control on these X-You-Are-In-Group headers; or we should be able to set a larger value for ResponseHeaderSize in Jetty's HttpConfig (as is already possible for request header size).

      Thanks in advance
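The reporter's reasoning, worked through as an added example (this is not part of the issue or of the Jenkins code): it models the 403 response header block with one X-You-Are-In-Group line per group, compares its size with the 6144-byte limit quoted in the log line above, and extracts that limit from Jenkins log lines. The base response headers and group names are constructed assumptions; Jetty's exact accounting may differ slightly.

```python
import re

# Limit reported in the Jenkins log on this issue ("Header>6144").
JETTY_RESPONSE_HEADER_LIMIT = 6144

GROUP_HEADER = "X-You-Are-In-Group"

# Constructed fixed part of a 403 response; the exact headers Jenkins/Jetty
# emit are an assumption, not taken from the issue.
BASE_RESPONSE_LINES = [
    "HTTP/1.1 403 Forbidden",
    "Date: Thu, 01 Jan 2016 00:00:00 GMT",
    "Content-Type: text/html;charset=utf-8",
    "X-Content-Type-Options: nosniff",
    "X-Hudson: 1.395",
    "X-Jenkins: 1.656",
]


def header_block_size(groups, base_lines=BASE_RESPONSE_LINES):
    """Bytes of the response header block: every line CRLF-terminated, one
    X-You-Are-In-Group line per group, plus the blank line ending the headers."""
    lines = list(base_lines) + [f"{GROUP_HEADER}: {g}" for g in groups]
    return sum(len(line.encode("utf-8")) + 2 for line in lines) + 2


def exceeds_limit(groups, limit=JETTY_RESPONSE_HEADER_LIMIT):
    """True when the group headers alone push the response past Jetty's buffer."""
    return header_block_size(groups) > limit


def max_groups_that_fit(avg_name_len, limit=JETTY_RESPONSE_HEADER_LIMIT):
    """Largest group count, at a given average group-name length, that still
    leaves the whole header block within the limit."""
    per_group = len(GROUP_HEADER) + 2 + avg_name_len + 2  # "Name: value\r\n"
    return max(0, (limit - header_block_size([])) // per_group)


LOG_PATTERN = re.compile(r"header full: java\.lang\.RuntimeException: Header>(\d+)")


def header_full_limits(log_lines):
    """Header limits reported by 'header full' errors found in Jenkins log lines;
    a non-empty result is the signature of this failure mode."""
    found = []
    for line in log_lines:
        m = LOG_PATTERN.search(line)
        if m:
            found.append(int(m.group(1)))
    return found
```

Feeding a user's actual group list into `exceeds_limit` tells you whether that user will hit the 500 before raising ResponseHeaderSize or trimming the headers.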

            Activity

            There are no comments yet on this issue.

              People

              • Assignee: Unassigned
              • Reporter: alexcern Alex Lossent
              • Votes: 0
              • Watchers: 1
