Jenkins / JENKINS-55886

JCasC cannot configure TLS for Active Directory


      Description

      The issue appeared after updating the active-directory plugin to 2.11, which is a security update. Downgrading to active-directory:2.10 resolves the issue.

      Jenkins startup fails due to JCasC complaining about invalid configuration element: tlsConfiguration

      Caused by: io.jenkins.plugins.casc.ConfiguratorException: Invalid configuration elements for type class hudson.plugins.active_directory.ActiveDirectorySecurityRealm : tlsConfiguration.
      Available attributes : bindName, bindPassword, cache, captchaSupport, customDomain, domain, domains, environmentProperties, groupLookupStrategy, internalUsersDatabase, removeIrrelevantGroups, server, site, startTls

      If TLS is not configured, it defaults to the (Unsecure) Trust all Certificates option.

       

       


          Activity

          didried Edgars Didrihsons created issue -
          gimler Gordon Franke added a comment -

          Try this, it works for me:

          securityRealm:
            activeDirectory:
              domains:
              - bindName: "CN=..."
                bindPassword: "{...}"
                name: "your.domain"
                tlsConfiguration: TRUST_ALL_CERTIFICATES
              cache:
                size: 256
                ttl: 3600
              groupLookupStrategy: RECURSIVE
              startTls: true
          
          didried Edgars Didrihsons added a comment -

          I tried and it does work, thanks Gordon Franke!

          I did not notice the tlsConfiguration moved from activeDirectory level to domain level. I suppose this can be closed then.

          wfollonier Wadeck Follonier added a comment -

          Edgars Didrihsons thank you for the feedback. Yes we moved it to have a more secure approach.

          Gordon Franke thank you for the help there!

          wfollonier Wadeck Follonier made changes -
          Status Open [ 1 ] Closed [ 6 ]
          Resolution Not A Defect [ 7 ]
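
As an added example (not part of the issue or of the plugin's code), a pre-deployment check for the layout change discussed in this thread: it flags `tlsConfiguration` left at the `activeDirectory` level, and domains that set `TRUST_ALL_CERTIFICATES` or no `tlsConfiguration` at all. `lint_ad_tls` and `SAMPLE` are hypothetical names, `JDK_TRUSTSTORE` is the plugin's other `tlsConfiguration` value, and the scanner assumes block-style YAML indented with spaces.

```python
# Constructed JCasC sample (not from the issue): a realm-level key in the
# pre-2.11 layout, one trust-all domain, one domain with no TLS setting.
SAMPLE = """\
jenkins:
  securityRealm:
    activeDirectory:
      tlsConfiguration: JDK_TRUSTSTORE
      domains:
      - name: "corp.example"
        tlsConfiguration: TRUST_ALL_CERTIFICATES
      - name: "lab.example"
      - name: "prod.example"
        tlsConfiguration: JDK_TRUSTSTORE
      startTls: true
"""

def lint_ad_tls(text):
    """Return (scope, problem) pairs for the activeDirectory block of a JCasC file."""
    findings, domains, in_domains = [], [], False
    ad_indent = child_indent = None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if ad_indent is None:                  # still looking for the realm block
            if body == "activeDirectory:":
                ad_indent = indent
            continue
        if indent <= ad_indent:                # dedent: left the realm block
            break
        child_indent = child_indent or indent  # indent of the realm's direct keys
        is_item = body.startswith("- ")
        key, _, value = (body[2:] if is_item else body).partition(":")
        key, value = key.strip(), value.strip().strip("\"'")
        if indent == child_indent and not is_item:
            in_domains = key == "domains"
            if key == "tlsConfiguration":      # 2.11 rejects the key at this level
                findings.append(("activeDirectory", "misplaced"))
        elif in_domains:
            if is_item:                        # "- " opens a new domain entry
                domains.append({})
            if domains:
                domains[-1][key] = value
    for d in domains:
        tls = d.get("tlsConfiguration")        # absent: reporter saw trust-all applied
        if tls in (None, "TRUST_ALL_CERTIFICATES"):
            findings.append((d.get("name", "?"), "trust-all" if tls else "missing"))
    return findings
```

On the constructed sample, `lint_ad_tls(SAMPLE)` reports the realm-level key as `misplaced`, `corp.example` as `trust-all` and `lab.example` as `missing`; `prod.example` passes.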

            People

            • Assignee:
              fbelzunc Félix Belzunce Arcos
              Reporter:
              didried Edgars Didrihsons