JENKINS-39234

User identified as Tomcat's unix user id when using Kerberos SSO behind reverse proxy

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • Component: kerberos-sso-plugin
    • Environment:
      Jenkins 2.19.1 LTS
      Kerberos SSO plugin 1.3
      Active Directory plugin 2.0
      Nginx Plus 1.11.3
      Oracle JDK 8u112

      Jenkins, Active Directory connectivity, and Kerberos are set up and working well (including Single Sign-On through Kerberos) when accessing Jenkins directly (http://servername.domain:8080).

      When accessing Jenkins through a reverse proxy (Nginx) running on the same host (performs SSL offloading), the user is identified as the Unix user that runs the Tomcat process instead of the actual user. In our case the Jenkins Tomcat runs as Unix user id 'tomcat', thus all logged-in users are identified as 'tomcat'.

      Interestingly this happens only when accessing Jenkins through the reverse proxy.

      With Kerberos SSO plugin disabled, login works well when accessing through the reverse proxy.

      I'm attaching the Nginx configuration for reference.

      Attachments: jenkins.conf (2 kB, Stephan Austermühle)

      People: Tomas Westling (t_westling), Stephan Austermühle (stephan)