Bug
Resolution: Won't Fix
Critical
None
Azure AD
I applied a certificate for Jenkins, then I followed the guidance here to integrate with Azure AD: https://wiki.jenkins.io/display/JENKINS/Azure+AD+Plugin
First I enabled HTTPS by using the keystore:
openssl pkcs12 -export -out jenkins_keystore.p12 -passout 'pass:xxx' -inkey example.key -in example.crt -certfile CertCA.crt -name example
keytool -importkeystore -srckeystore jenkins_keystore.p12 -srcstorepass 'xxx' -srcstoretype PKCS12 -srcalias example -deststoretype JKS -destkeystore jenkins_keystore.jks -deststorepass 'xxx' -destalias example
After I installed the Azure AD plugin, the error occurs:
org.jose4j.jwt.consumer.InvalidJwtException: JWT (claims->{"aud":"9533d0f1-2b45-4ca0-88d3-f68fbf14b959","iss":"https://sts.windows.net/4e1eab56-1e20-410c-9a33-208f4489fbd3/v2.0","iat":1571229543,"nbf":1571229543,"exp":1571233443,"cloud_instance_name":"microsoftonline.us","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","aio":"AWQAm/8EAAAA1CKvXcdx/kWs/H9GLm4BKBJkNd2hV7AiP07c00YPdCiqcsaVig9Oi674f0poQOIXwp0Y91z1vX0cAm03oW9p1p9nRlPdTC6z+JmFDaKX6NMLv9v+fIgdPer15Yas4idi","email":"xxx","name":"xxx","nonce":"wGtXIHVvwR","oid":"29979360-f175-4da8-808e-4c03db48be59","preferred_username":"xxx","sub":"tg4kqDvDX3um45hIsQfrfexxEllNVI5JnL9tOo","tid":"4e1eab56c-9a33-xx208f4489fbd3","uti":"3l8w0S49w0Whx4_5FM0FAA","ver":"2.0"}) rejected due to invalid claims. Additional details: [[12] Issuer (iss) claim value (https://sts.windows.net/4e1eab56-1e20-410c-9a33-208f4489fbd3/v2.0) doesn't match expected value of https://login.microsoftonline.com/4e1eab56-1e20-410c-9a33-208f4489fbd3/v2.0]
    at org.jose4j.jwt.consumer.JwtConsumer.validate(JwtConsumer.java:449)
    at org.jose4j.jwt.consumer.JwtConsumer.processContext(JwtConsumer.java:294)
    at org.jose4j.jwt.consumer.JwtConsumer.process(JwtConsumer.java:416)
    at org.jose4j.jwt.consumer.JwtConsumer.processToClaims(JwtConsumer.java:164)
    at com.microsoft.jenkins.azuread.AzureSecurityRealm.validateAndParseIdToken(AzureSecurityRealm.java:237)
    at com.microsoft.jenkins.azuread.AzureSecurityRealm.doFinishLogin(AzureSecurityRealm.java:203)
    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
    at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
Caused: javax.servlet.ServletException
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:797)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
    at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:219)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
    at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
Can someone please look into this issue? Thanks very much!