search

MCMicS / jenkins-control-plugin

Jenkins integration in IDEA Platforms
https://plugins.jetbrains.com/plugin/6110-jenkins-control-plugin
Apache License 2.0
250 stars 122 forks source link

Testing connection, get 500 error "Oops! A problem occurred while processing the request. Logging ID=<blah>" #592

Closed amaccormack-lumira closed 2 months ago

amaccormack-lumira commented 2 months ago

Seem to get a 500 error when trying to connect to Jenkins, but other API tools are working and the authentication seems to be OK (API token screen shows it was used today). Access via Jenkins web interface is all fine.

Tried the curl-v -u user:token https://ci.domain.com/user/login/api/json and get the same 500 error

MCMicS commented 2 months ago

Hi If curl has same error it looks like an Jenkins issue Can you please create a new API token and test again please? During last week's I saw multiple messages that user have issue with old API token

can you also test it with 

curl-v -u user:token https://ci.domain.com/api/json

And if possible and public avaialbe you can send me the server and credentials to test. (can also offer proivate channel like Gitter/Matrix)

amaccormack-lumira commented 2 months ago

Thanks for the superfast response!

Got 500 from /api/json too

I don't have log access on the server so I've asked our support guy to have a look if we can find the error Jenkins version is 2.346.3 if that makes any difference

MCMicS commented 2 months ago

Jenkins version looks fine I also use against multiple versions. One with lots and one with latest It works normally fine but could be some restrictions in infrastructure

If curl also not work correctly it seem something on network or server

Your curl response not say any more Infos?

amaccormack-lumira commented 2 months ago

Looks like it may be an ActiveDirectory problem, this was in the Jenkins log:

Weird, because I can log in on the GUI fine

May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.386+0000 [id=12049256] INFO c.a.c.util.logging.ClientLogger#performDeferredLogging: Azure Identity => getToken() result for scopes [https://graph.microsoft.com/.default]: SUCCESS May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.448+0000 [id=12081601] SEVERE c.m.graph.logger.DefaultLogger#logError: CoreHttpProvider[sendRequestInternal] - 408Graph service exception May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.448+0000 [id=12081601] SEVERE c.m.graph.logger.DefaultLogger#logError: Throwable detail: com.microsoft.graph.http.GraphServiceException: Error code: Request_ResourceNotFound May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: Error message: Resource 'andrew@domain.com' does not exist or one of its queried reference-property objects are not present. May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: GET https://graph.microsoft.com/v1.0/users/andrew@domain.com May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: SdkVersion : graph-java/v5.31.0 May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 404 : May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: [...] May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: [Some information was truncated for brevity, enable debug logging for more details] May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: 2024-05-01 11:40:59.448+0000 [id=12081601] WARNING j.s.BasicHeaderApiTokenAuthenticator#authenticate2: API token matched for user andrew@domain.com but the impersonation failed May 01 11:40:59 ip-10-245.dev.ci.ldx jenkins[24472]: org.springframework.security.core.userdetails.UsernameNotFoundException: Cannot find user: andrew@domain.com

MCMicS commented 2 months ago

GUI works because it uses your real credentials to authenticate against the AD

Normally the API token for Our account should be used as additional auth against Jenkins But maybe there is something wrong

I can try to reproduce it to help but I need to setup a simple ad for test Do you use a self hosted ad or a cloud based?

From logs I assume it's a cloud version

MCMicS commented 2 months ago

What I see in error is that the API token is valid but then no user found. Is the mail andrew@ in Jenkins users to find?

MCMicS commented 2 months ago

Looks a bit like following Have you tried this? https://github.com/jenkinsci/azure-ad-plugin/issues/171

And https://github.com/jenkinsci/azure-ad-plugin/issues/246

Do you use the azure plugin? Are your rights coming from group or directly for user?

amaccormack-lumira commented 2 months ago

Thanks, I'll put these questions to the admins and try and get back

MCMicS commented 2 months ago

Ok I also try to reproduce it the days

amaccormack-lumira commented 2 months ago

Yeah, looks like there's a PR on the Azure AD plugin that went in a while back, but we can't pick it up for a while as it cascades into a full Jenkins upgrade. which will go on the backlog..

amaccormack-lumira commented 2 months ago

Happy to close as Jenkins/AzureAD plugin issue, not the jenkins control plugin. Thx for all the help.

MCMicS commented 2 months ago

Ok Thanks for feedback. Can you tell the pr so that I have it if it happens again for others

amaccormack-lumira commented 2 months ago

It was mentioned in one of the issues you linked: https://github.com/jenkinsci/azure-ad-plugin/pull/165

MCMicS commented 2 months ago

Thanks This pr is 3 y old So you longer not updated?

If this not help, feel free to reopen it for further assistance