Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49274

Reverse proxy auth is not authenticating users

    Details

    • Similar Issues:

      Description

      After configuring the reverse-proxy-auth-plugin, users are not authenticated in Jenkins.

      it appears that ReverseProxySecurityRealm is correctly identifying the user from the following logs:

      PM FINE org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm
      USER LOGGED IN: tad@simple.com
      

      However, DefaultReverseProxyAuthenticator does not appear to receive the username:

      PM INFO org.jenkinsci.plugins.reverse_proxy_auth.auth.DefaultReverseProxyAuthenticator authenticate
      DefaultReverseProxyAuthenticator::authenticate ==> null to [Lorg.acegisecurity.GrantedAuthority;@6d8c3052
      

      We are not using LDAP authentication.

      Here is the relevant section of config.xml:

        <securityRealm class="org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm" plugin="reverse-proxy-auth-plugin@1.6.2">
          <proxyTemplate/>
          <inhibitInferRootDN>false</inhibitInferRootDN>
          <userSearchBase></userSearchBase>
          <userSearch>uid={0}</userSearch>
          <updateInterval>15</updateInterval>
          <forwardedUser>X-Simple-Internal-User</forwardedUser>
          <retrievedUser>vanvlack@simple.com</retrievedUser>
          <headerGroups></headerGroups>
          <headerGroupsDelimiter>|</headerGroupsDelimiter>
          <disableLdapEmailResolver>true</disableLdapEmailResolver>
          <displayNameLdapAttribute></displayNameLdapAttribute>
          <emailAddressLdapAttribute></emailAddressLdapAttribute>
        </securityRealm>
      

      What's interesting is the persistence of "retrievedUser", which might mean a leak of transient state.

      Attached is a sanitized dump of /whoAmI.

        Attachments

          Activity

            People

            • Assignee:
              tad Tad Fisher
              Reporter:
              tad Tad Fisher
            • Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: