Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55545

Specifying metadata via the Idp Metadata URL gets connection refused exception

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Component/s: saml-plugin
    • Labels:
    • Environment:
      jdk11 with jenkins/jenkins:jdk11 dockerfile
    • Similar Issues:

      Description

      I tried to configure the SAML plugin by first entering a url in the Idp Metadata URL field and then clicking on the validate button.  I got "Was not possible to get the Metadata from the URL". 

      To be more specific, I started simpleSAMLPHP with the following command:

      #!/usr/bin/env bash
      docker run --name=simpleSaml \
      --rm \
      --detach \
      -p 9090:8080 \
      -p 9493:8443 \
      -e SIMPLESAMLPHP_SP_ENTITY_ID=
      
      [http://localhost:8080/securityRealm/finishLogin]
      
      \
      -e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=
      
      [http://localhost:8080/securityRealm/finishLogin]
      
      \
      -e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=
      
      [http://localhost:8080/logout]
      
      \
      kristophjunge/test-saml-idp
      

       

      Then I entered "http://localhost:9090/simplesaml/saml2/idp/metadata.php" as the idp metadata url and clicked on the validate button.  I can open this link in another browser tab or get the contents via wget on the same machine (without any credentials)

       

      I get the exception below in the Jenkins console.  NOTE that this worked properly for me recently (in 2.150?) using jdk8.

       

      Jan 11, 2019 1:49:41 PM org.jenkinsci.plugins.saml.IdpMetadataConfiguration$DescriptorImpl doTestIdpMetadataURL
      SEVERE: Connection refused (Connection refused)
      java.net.ConnectException: Connection refused (Connection refused)
       at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
       at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
       at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
       at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
       at java.base/java.net.Socket.connect(Socket.java:591)
       at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
       at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
       at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
       at java.base/sun.net.www.http.HttpClient.<init>(HttpClient.java:242)
       at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:341)
       at java.base/sun.net.www.http.HttpClient.New(HttpClient.java:362)
       at java.base/sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1242)
       at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1181)
       at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1075)
       at java.base/sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:1009)
       at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
       at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
       at org.jenkinsci.plugins.saml.IdpMetadataConfiguration$DescriptorImpl.doTestIdpMetadataURL(IdpMetadataConfiguration.java:239)
       at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
       at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
       at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
       at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
       at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
       at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
       at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:282)
       at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
       at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
       at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
       at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
       at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
       at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
       at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
       at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
       at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
       at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
       at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
       at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
       at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
       at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
       at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
       at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
       at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
       at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
       at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
       at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
       at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
       at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
       at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
       at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
       at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
       at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
       at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
       at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
       at org.eclipse.jetty.server.Server.handle(Server.java:503)
       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
       at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
       at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
       at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
       at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
       at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
       at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
       at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
       at java.base/java.lang.Thread.run(Thread.java:834)
      

       

       

       

        Attachments

          Activity

          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited

          Is Jenkins also in a Docker container? if so, localhost does not point to the SimpleSAML Docker container points to the Docker container lo device

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited Is Jenkins also in a Docker container? if so, localhost does not point to the SimpleSAML Docker container points to the Docker container lo device
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          The TAH make exactly this with Docker containers and works so it is weird that it fails.

          https://github.com/jenkinsci/acceptance-test-harness/blob/master/src/test/java/plugins/SAMLPluginTest.java#L66-L85

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - The TAH make exactly this with Docker containers and works so it is weird that it fails. https://github.com/jenkinsci/acceptance-test-harness/blob/master/src/test/java/plugins/SAMLPluginTest.java#L66-L85
          Hide
          kearls Kevin EARLS added a comment -

          D'oh.  Yes, Ivan Fernandez Calvo I think you're correct.  Let me double check and I'll close this assuming that was the case.

           

          Show
          kearls Kevin EARLS added a comment - D'oh.  Yes, Ivan Fernandez Calvo I think you're correct.  Let me double check and I'll close this assuming that was the case.  

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              kearls Kevin EARLS
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: