Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48775

Proxy authentication error 407 even if 'check proxy' works

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: core
    • Environment:
    • Similar Issues:

      Description

      Proxy configuration doesn't work even if 'check proxy' works! No workaround found.

      Situation: Fresh installed Windows Server 2016 with latest, fresh installed  LTS Jenkins version 2.89.2. Server is behind a proxy. Check of Jenkins proxy configuration says 'Ok' but checking plugins crashes jenkins (see attached screen shot).

      I have a second machine (Windows 7 enterprise) with the same Jenkins version, behind the same proxy, with (really!) the same proxy configuration: Check Jenkins proxy settings says: "Error 407", BUT: Checking plugins works! (WTF!?!) One differrence is the java runtime verision: on this machine = 1.8.0_66-b18.

        Attachments

          Issue Links

            Activity

            Hide
            fuku1026 Fukusuke Takahashi added a comment -

            Same issue with 2.138.2 version

            Show
            fuku1026 Fukusuke Takahashi added a comment - Same issue with 2.138.2 version
            Hide
            israelromero Israel Romero Fijo added a comment - - edited

            I respond to myself here to help anyone with same issue.

            The problem wasn't Jenkins. Problem comes from Java JDK8 and above. Since this version, Oracle has disabled basic auth tunnelling for Basic authentication. If you want to use Basic mode again (security will be compromised), execute Jenkins adding this parameter to your JAVA_OPTS variable:

               "-Djdk.http.auth.tunneling.disabledSchemes="

            default value is

              "-Djdk.http.auth.tunneling.disabledSchemes=Basic", so Basic Schema is DISABLED by default and will return HTTP 407 error even if your credentials were OK.

             Proxy checking must use other method to validate Internet connection...

            I hope this can help you, guys.

             

            Show
            israelromero Israel Romero Fijo added a comment - - edited I respond to myself here to help anyone with same issue. The problem wasn't Jenkins. Problem comes from Java JDK8 and above. Since this version, Oracle has disabled basic auth tunnelling for Basic authentication. If you want to use Basic mode again (security will be compromised), execute Jenkins adding this parameter to your JAVA_OPTS variable:    "-Djdk.http.auth.tunneling.disabledSchemes=" default value is   "-Djdk.http.auth.tunneling.disabledSchemes=Basic", so Basic Schema is DISABLED by default and will return HTTP 407 error even if your credentials were OK.  Proxy checking must use other method to validate Internet connection... I hope this can help you, guys.  
            Hide
            stephenconnolly Stephen Connolly added a comment -

            Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA

            Show
            stephenconnolly Stephen Connolly added a comment - Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA
            Hide
            olivergondza Oliver Gondža added a comment -

            Postponing backport until 2.150.2 at least to give it some soak time.

            Show
            olivergondza Oliver Gondža added a comment - Postponing backport until 2.150.2 at least to give it some soak time.
            Hide
            danielbeck Daniel Beck added a comment -

            This introduced JENKINS-54903.

            Show
            danielbeck Daniel Beck added a comment - This introduced JENKINS-54903 .

              People

              • Assignee:
                Unassigned
                Reporter:
                go Gerald Ortner
              • Votes:
                7 Vote for this issue
                Watchers:
                17 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: