Jenkins / JENKINS-7278

infinite redirect loop when proxying with security enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Component/s: core
    • Labels:
      None
    • Environment:
      ubuntu 10.04, apache 2.2, hudson 1.372, 1.373

      Description

      Hi,

      Given all available tutorials, I've easily succeeded in configuring an apache proxy as a front end to our standalone hudson installation (btw, thanks for the debian package). I've used 2 approaches: mod_proxy/http and mod_jk/ajp13.
      So, we have:
      https://gateway.company.com/hudson ----> http://server.company.local:8042/hudson
      or
      https://gateway.company.com/hudson ----> ajp://server.company.local:8009/hudson
      Both work, with the same (good) results.

      Now I have to pass (valid) apache credentials to hudson so that it can honor the "Project-based Matrix Authorization Strategy". So, I've chosen "Delegate to servlet container" as Security Realm.

      It starts well: (please see attached winstone.log)
      1. https://gateway.company.com/hudson/manage is transparently redirected to http://server.company.local:8042/hudson/manage
      2. j_username and j_password are passed to Winstone. (clear text)
      3. "Passed authentication check"
      4. "Response: HTTP/1.1 302 Found"
      5. redirection to "/hudson/secured?"
      6. https://gateway.company.com/hudson/secured is transparently redirected to http://server.company.local:8042/hudson/secured
      7. goto 2.
      ... after a few loops, my browser (Firefox) complains that "The page isn't redirecting properly" with "This problem can sometimes be caused by disabling or refusing to accept cookies".

      A few ideas:
      1. Should I/how to instruct apache that the security negotiation shouldn't be visible from the client side?
      2. Is there a problem around the /j_security_check mechanism? Especially, why is there "Header: Location: /hudson/secured?" instead of "Header: Location: /hudson/secured/manage"? hudson.security.BasicAuthenticationFilter doc says "/abc/def -> /secured/abc/def -> /abc/def".
      3. As Firefox suggests, is there something wrong with cookies?

      Best regards,
      Régis
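
Added example, not part of the original report and not Jenkins or Hudson code: a small diagnostic that checks a recorded redirect chain for a repeated URL, a Location that leaves the front-end host, and a session cookie the browser would not send back (the reporter's third idea). The hop records, the cookie value and the function names are constructed for illustration; only the hostnames and paths come from the report.

```python
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlsplit

def cookie_applies(morsel, set_by_url, next_url):
    """Simplified RFC 6265 check: would a browser send this cookie to next_url?"""
    setter, nxt = urlsplit(set_by_url), urlsplit(next_url)
    domain = morsel["domain"].lstrip(".").lower()
    if domain:
        # A Domain the setting host does not belong to makes the browser reject the cookie.
        if setter.hostname != domain and not setter.hostname.endswith("." + domain):
            return False
        domain_ok = nxt.hostname == domain or nxt.hostname.endswith("." + domain)
    else:
        domain_ok = nxt.hostname == setter.hostname  # host-only cookie
    # Without a Path attribute the default is the directory of the setting URL.
    path = morsel["path"] or setter.path.rsplit("/", 1)[0] or "/"
    path_ok = nxt.path == path or nxt.path.startswith(path.rstrip("/") + "/")
    secure_ok = not morsel["secure"] or nxt.scheme == "https"
    return domain_ok and path_ok and secure_ok

def diagnose(hops):
    """Return findings for a recorded redirect chain as seen by the browser."""
    findings, seen = [], set()
    front = urlsplit(hops[0]["url"]).hostname
    for i, hop in enumerate(hops):
        if hop["url"] in seen:
            findings.append(f"loop: {hop['url']} requested again at hop {i}")
        seen.add(hop["url"])
        target = urljoin(hop["url"], hop.get("location", ""))
        if urlsplit(target).hostname != front:
            findings.append(f"backend-location: hop {i} redirects to {target}")
        for name, morsel in SimpleCookie(hop.get("set_cookie", "")).items():
            if not cookie_applies(morsel, hop["url"], target):
                findings.append(f"cookie-dropped: {name} set at hop {i} is not sent to {target}")
    return findings

# Constructed traces (hostnames and paths from the report, everything else invented).
GW = "https://gateway.company.com/hudson"
LOOPING = [
    {"url": GW + "/manage", "location": "/hudson/secured?",
     "set_cookie": "JSESSIONID=constructed; Path=/hudson; Domain=server.company.local"},
    {"url": GW + "/secured", "location": "/hudson/manage"},
    {"url": GW + "/manage", "location": "/hudson/secured?"},
]
HEALTHY = [
    {"url": GW + "/secured", "location": "/hudson/manage",
     "set_cookie": "JSESSIONID=constructed; Path=/hudson"},
    {"url": GW + "/manage"},
]
```

Calling `diagnose(LOOPING)` reports the dropped cookie at hop 0 and the repeated request at hop 2, while `diagnose(HEALTHY)` returns an empty list.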

            Activity

            rdesgroppes Régis Desgroppes added a comment -

            Obsolete.


              People

              • Assignee:
                Unassigned
                Reporter:
                rdesgroppes Régis Desgroppes
              • Votes:
                2
                Watchers:
                3
