Closed jtnord closed 2 weeks ago
Note: I started Jenkins with -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
(unsafe, for testing only) so that the POST gets past the crumb check, and ended up with
[WARNING] Error while serving http://localhost:8080/jenkins/securityRealm/finishLogin
java.lang.reflect.InvocationTargetException
at org.kohsuke.stapler.Function$MethodFunction.invoke (Function.java:401)
at org.kohsuke.stapler.Function$InstanceFunction.invoke (Function.java:409)
at org.kohsuke.stapler.Function.bindAndInvoke (Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse (Function.java:140)
at org.kohsuke.stapler.MetaClass$11.doDispatch (MetaClass.java:558)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch (NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke (Stapler.java:770)
at org.kohsuke.stapler.Stapler.invoke (Stapler.java:900)
at org.kohsuke.stapler.MetaClass$2.doDispatch (MetaClass.java:224)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch (NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke (Stapler.java:770)
at org.kohsuke.stapler.Stapler.invoke (Stapler.java:900)
at org.kohsuke.stapler.Stapler.invoke (Stapler.java:698)
at org.kohsuke.stapler.Stapler.service (Stapler.java:248)
at javax.servlet.http.HttpServlet.service (HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle (ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter (ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter (PluginServletFilter.java:163)
at jenkins.util.HttpServletFilter$1.doFilter (HttpServletFilter.java:76)
at hudson.util.PluginServletFilter$1.doFilter (PluginServletFilter.java:160)
at hudson.util.PluginServletFilter.doFilter (PluginServletFilter.java:166)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at jenkins.ErrorAttributeFilter.doFilter (ErrorAttributeFilter.java:29)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at hudson.security.csrf.CrumbFilter.doFilter (CrumbFilter.java:118)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:94)
at org.jenkinsci.plugins.oic.OicSecurityRealm$1.doFilter (OicSecurityRealm.java:833)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter (AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter (UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter (ExceptionTranslationFilter.java:126)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter (ExceptionTranslationFilter.java:120)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter (AnonymousAuthenticationFilter.java:100)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter (RememberMeAuthenticationFilter.java:145)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter (RememberMeAuthenticationFilter.java:101)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter (AbstractAuthenticationProcessingFilter.java:227)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter (AbstractAuthenticationProcessingFilter.java:221)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter (BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:117)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:87)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter (HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter (ChainedServletFilter.java:111)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter (ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter (HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter (CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter (CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter (DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter (SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle (ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle (ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle (SecurityHandler.java:569)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle (HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle (ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle (SessionHandler.java:1580)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle (ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle (ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope (ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope (ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope (SessionHandler.java:1553)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope (ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope (ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle (ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle (ContextHandlerCollection.java:149)
at org.eclipse.jetty.server.handler.HandlerList.handle (HandlerList.java:51)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle (HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle (Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch (HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch (HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle (HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable (HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded (AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable (FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run (SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask (AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask (AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce (AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run (AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run (ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob (QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob (QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run (QueuedThreadPool.java:1149)
at java.lang.Thread.run (Thread.java:829)
Caused by: java.lang.IllegalArgumentException
at com.google.common.base.Preconditions.checkArgument (Preconditions.java:129)
at com.google.api.client.util.Preconditions.checkArgument (Preconditions.java:35)
at com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl.<init> (AuthorizationCodeResponseUrl.java:90)
at org.jenkinsci.plugins.oic.OicSession.finishLogin (OicSession.java:192)
at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin (OicSecurityRealm.java:1370)
at java.lang.invoke.MethodHandle.invokeWithArguments (MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke (Function.java:397)
at org.kohsuke.stapler.Function$InstanceFunction.invoke (Function.java:409)
at org.kohsuke.stapler.Function.bindAndInvoke (Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse (Function.java:140)
at org.kohsuke.stapler.MetaClass$11.doDispatch (MetaClass.java:558)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch (NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke (Stapler.java:770)
at org.kohsuke.stapler.Stapler.invoke (Stapler.java:900)
at org.kohsuke.stapler.MetaClass$2.doDispatch (MetaClass.java:224)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch (NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke (Stapler.java:770)
at org.kohsuke.stapler.Stapler.invoke (Stapler.java:900)
at org.kohsuke.stapler.Stapler.invoke (Stapler.java:698)
at org.kohsuke.stapler.Stapler.service (Stapler.java:248)
at javax.servlet.http.HttpServlet.service (HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle (ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter (ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter (PluginServletFilter.java:163)
at jenkins.util.HttpServletFilter$1.doFilter (HttpServletFilter.java:76)
at hudson.util.PluginServletFilter$1.doFilter (PluginServletFilter.java:160)
at hudson.util.PluginServletFilter.doFilter (PluginServletFilter.java:166)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at jenkins.ErrorAttributeFilter.doFilter (ErrorAttributeFilter.java:29)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at hudson.security.csrf.CrumbFilter.doFilter (CrumbFilter.java:118)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:94)
at org.jenkinsci.plugins.oic.OicSecurityRealm$1.doFilter (OicSecurityRealm.java:833)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter (AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter (UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter (ExceptionTranslationFilter.java:126)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter (ExceptionTranslationFilter.java:120)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter (AnonymousAuthenticationFilter.java:100)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter (RememberMeAuthenticationFilter.java:145)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter (RememberMeAuthenticationFilter.java:101)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter (AbstractAuthenticationProcessingFilter.java:227)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter (AbstractAuthenticationProcessingFilter.java:221)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter (BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:117)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter (SecurityContextPersistenceFilter.java:87)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter (HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter (ChainedServletFilter.java:111)
at hudson.security.ChainedServletFilter$1.doFilter (ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter (ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter (HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter (CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter (CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter (DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter (SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter (FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter (ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle (ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle (ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle (SecurityHandler.java:569)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle (HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle (ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle (SessionHandler.java:1580)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle (ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle (ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope (ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope (ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope (SessionHandler.java:1553)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope (ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope (ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle (ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle (ContextHandlerCollection.java:149)
at org.eclipse.jetty.server.handler.HandlerList.handle (HandlerList.java:51)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle (HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle (Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch (HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch (HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle (HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable (HttpConnection.java:287)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded (AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable (FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run (SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask (AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask (AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce (AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run (AdaptiveExecutionStrategy.java:199)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run (ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob (QueuedThreadPool.java:969)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob (QueuedThreadPool.java:1194)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run (QueuedThreadPool.java:1149)
at java.lang.Thread.run (Thread.java:829)
This is because the plugin (by way of the Google library) expects the authorization response parameters to be passed as query parameters, not as form parameters.
Jenkins and plugins versions report
mvn hpi:run
from master (cddbd8ae4694860c0115cb784f87eaa3f32df2cf)
Environment
Microsoft AD FS server (2022) https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/set-up-an-ad-fs-lab-environment#install-the-ad-fs-server-role
```text
nap
```
For whatever reason, and despite advertising otherwise, the AD FS server is using HTTP POST for the return URL.
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios
This causes issues because the crumb issuer intercepts the call, finds there is no crumb, and rejects the request.
What Operating System are you using (both controller, and any agents involved in the problem)?
Windows.
Reproduction steps
Expected Results
login works
Actual Results
login fails because the redirect back to Jenkins is an HTTP POST without a crumb
Anything else?
Specifying `response_mode` as `fragment` or `query` (which should be the default) should force this, even if it is supposed to be the default.
Are you interested in contributing a fix?
No response