Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49747

java.io.FileNotFoundException: /tmp/saml-jenkins-keystore-5345145658381646927.jks (No such file or directory)

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Minor
    • Resolution: Duplicate
    • Component/s: saml-plugin
    • Labels:
      None
    • Similar Issues:

      Description

      I'm not sure why /tmp/saml-jenkins-keystore-5345145658381646927.jks ceased to exist (it was created/working and there have been no system restarts or Jenkins restarts).  I have no log or any way of finding out what caused that file to be removed.

      That said - because this file is created by the saml plugin/pac4j, if it does not exist and the plugin needs it - it should be re-created.

      This error prevented users from authenticating and was fixed by a restart of Jenkins.

      I am using saml-plugin 1.0.5 with Azure AD and retrieving metadata from a URL every 1 minute.

      WARNING: Error while serving https://tst-jenkins/securityRealm/commenceLogin

       

       java.io.FileNotFoundException: /tmp/saml-jenkins-keystore-5345145658381646927.jks (No such file or directory)
       at java.io.FileInputStream.open0(Native Method)
       at java.io.FileInputStream.open(FileInputStream.java:195)
       at java.io.FileInputStream.<init>(FileInputStream.java:138)
       at java.io.FileInputStream.<init>(FileInputStream.java:93)
       at org.pac4j.core.util.CommonHelper.newFileInputStream(CommonHelper.java:312)
       Caused: org.pac4j.core.exception.TechnicalException
       at org.pac4j.core.util.CommonHelper.newFileInputStream(CommonHelper.java:314)
       at org.pac4j.core.util.CommonHelper.getInputStreamFromName(CommonHelper.java:304)
       at org.pac4j.core.util.CommonHelper$1.getInputStream(CommonHelper.java:348)
       at org.pac4j.saml.crypto.KeyStoreCredentialProvider.<init>(KeyStoreCredentialProvider.java:66)
       at org.pac4j.saml.crypto.KeyStoreCredentialProvider.<init>(KeyStoreCredentialProvider.java:90)
       at org.pac4j.saml.client.SAML2Client.initCredentialProvider(SAML2Client.java:174)
       at org.pac4j.saml.client.SAML2Client.internalInit(SAML2Client.java:111)
       at org.pac4j.core.util.InitializableWebObject.init(InitializableWebObject.java:24)
       at org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client(OpenSAMLWrapper.java:145)
       at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:45)
       at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:30)
       at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:65)
       at org.jenkinsci.plugins.saml.SamlSecurityRealm.doCommenceLogin(SamlSecurityRealm.java:238)
       at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
       at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
       at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
       at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
       at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
       Caused: javax.servlet.ServletException
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:765)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
       at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
       at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135)
       at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
       at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
       at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
       at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
       at hudson.plugins.scm_sync_configuration.extensions.ScmSyncConfigurationFilter$1.call(ScmSyncConfigurationFilter.java:49)
       at hudson.plugins.scm_sync_configuration.extensions.ScmSyncConfigurationFilter$1.call(ScmSyncConfigurationFilter.java:44)
       at hudson.plugins.scm_sync_configuration.ScmSyncConfigurationDataProvider.provideRequestDuring(ScmSyncConfigurationDataProvider.java:106)
       at hudson.plugins.scm_sync_configuration.extensions.ScmSyncConfigurationFilter.doFilter(ScmSyncConfigurationFilter.java:44)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
       at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132)
       at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
       at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:50)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
       at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
       at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
       at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
       at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
       at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
       at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
       at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
       at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
       at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
       at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
       at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
       at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
       at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
       at org.eclipse.jetty.server.Server.handle(Server.java:564)
       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317)
       at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
       at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110)
       at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
       at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128)
       at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199)
       at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
       at java.lang.Thread.run(Thread.java:748)
       

        Attachments

          Issue Links

            Activity

            Hide
            stradenko C added a comment -

            Looking at at org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client() and org.jenkinsci.plugins.saml.BundleKeyStore.init() it seems like the keystore should've been recreated, but I'm not familiar enough to follow what is really going on there.

            Show
            stradenko C added a comment - Looking at at org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client() and org.jenkinsci.plugins.saml.BundleKeyStore.init() it seems like the keystore should've been recreated, but I'm not familiar enough to follow what is really going on there.
            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            If you do not configure encryption settings, this file is automatically created when you configured the Plugin, the workaround would be entered on Security settings and save a change, or to configure encryption settings, or restart the Jenkins instance

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - If you do not configure encryption settings, this file is automatically created when you configured the Plugin, the workaround would be entered on Security settings and save a change, or to configure encryption settings, or restart the Jenkins instance
            Hide
            qwrrty Tim Pierce added a comment -

            Possibly related to JENKINS-49532?

            Show
            qwrrty Tim Pierce added a comment - Possibly related to JENKINS-49532 ?

              People

              • Assignee:
                ifernandezcalvo Ivan Fernandez Calvo
                Reporter:
                stradenko C
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: