After configuring the reverse-proxy-auth-plugin, users are not authenticated in Jenkins.
it appears that ReverseProxySecurityRealm is correctly identifying the user from the following logs:
However, DefaultReverseProxyAuthenticator does not appear to receive the username:
We are not using LDAP authentication.
Here is the relevant section of config.xml:
What's interesting is the persistence of "retrievedUser", which might mean a leak of transient state.
Attached is a sanitized dump of /whoAmI.