-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Blocker
-
Resolution: Fixed
-
Component/s: active-directory-plugin
-
Labels:None
-
Environment:Jenkins 2.121.1
Active Directory Plugin 2.7
Jenkins running in Windows Server
-
Similar Issues:
I just did a system and plugin upgrade to the latest LTS along with all plugins, including Active Directory.
The first thing I noticed was that all of my binds broke (I was using anonymous on two custom domains), but that was easily fixable. Once I had everything back, I noticed the Authenticated Users line in the Matrix-based permissions. I changed the settings to match my project owner group since pretty much everybody who authenticates is at least a PO. Now I'm getting the following exceptions
{{Failed to test the validity of the user name Project_Ownersjava.lang.NullPointerException }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:666) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:645) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl.bind(ActiveDirectorySecurityRealm.java:592) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:358) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider$1.call(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
{{ at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4767) }}
{{ at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568) }}
{{ at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350) }}
{{ at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313) }}
{{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228) }}
{{Caused: com.google.common.util.concurrent.UncheckedExecutionException }}
{{ at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2234) }}
{{ at com.google.common.cache.LocalCache.get(LocalCache.java:3965) }}
{{ at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4764) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:341) }}
{{Caused: hudson.plugins.active_directory.CacheAuthenticationException: Authentication failed because there was a problem caching user Project_Owners; nested exception is com.google.common.util.concurrent.UncheckedExecutionException: java.lang.NullPointerException }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:499) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:304) }}
{{ at hudson.plugins.active_directory.ActiveDirectoryUnixAuthenticationProvider.retrieveUser(ActiveDirectoryUnixAuthenticationProvider.java:226) }}
{{ at hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider.loadUserByUsername(AbstractActiveDirectoryAuthenticationProvider.java:55) }}
{{ at hudson.plugins.active_directory.ActiveDirectorySecurityRealm.loadUserByUsername(ActiveDirectorySecurityRealm.java:848) }}
{{ at org.jenkinsci.plugins.matrixauth.AuthorizationContainerDescriptor.doCheckName_(AuthorizationContainerDescriptor.java:136) }}
{{ at hudson.security.GlobalMatrixAuthorizationStrategy$DescriptorImpl.doCheckName(GlobalMatrixAuthorizationStrategy.java:222) }}
{{ at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source) }}
{{ at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) }}
{{ at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) }}
{{ at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) }}
{{ at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) }}
{{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
{{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
{{ at org.kohsuke.stapler.MetaClass$5.doDispatch(MetaClass.java:248) }}
{{ at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) }}
{{ at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) }}
{{ at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) }}
{{ at org.kohsuke.stapler.Stapler.service(Stapler.java:238) }}
{{ at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) }}
{{ at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) }}
{{ at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at com.cloudbees.jenkins.support.slowrequest.SlowRequestFilter.doFilter(SlowRequestFilter.java:37) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:59) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) }}
{{ at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) }}
{{ at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:105) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) }}
{{ at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) }}
{{ at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) }}
{{ at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) }}
{{ at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) }}
{{ at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) }}
{{ at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) }}
{{ at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) }}
{{ at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) }}
{{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) }}
{{ at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) }}
{{ at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) }}
{{ at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) }}
{{ at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) }}
{{ at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) }}
{{ at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) }}
{{ at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) }}
{{ at org.eclipse.jetty.server.Server.handle(Server.java:530) }}
{{ at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) }}
{{ at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) }}
{{ at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) }}
{{ at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) }}
{{ at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) }}
{{ at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) }}
{{ at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) }}{{}}
{{ at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) }}
{{ at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) }}
{{ at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) }}
{{ at java.lang.Thread.run(Unknown Source)}}
This is an AD group instead of a user, but I'm getting the same exception on user accounts as well.
- is blocked by
-
JENKINS-52045 Advanced configuration missing on Configure Global Security
-
- Resolved
-
- is related to
-
JENKINS-52045 Advanced configuration missing on Configure Global Security
-
- Resolved
-
-
JENKINS-52045 Advanced configuration missing on Configure Global Security
-
- Resolved
-
Manually adding startTls and tlsConfiguration to the Jenkins configuration and reloading from disk corrected this error. However, saving the security configuration removes these two settings from the file again. see linked issue for other details.