jenkinsci / oic-auth-plugin

A Jenkins plugin which lets you log in to Jenkins using your own, self-hosted or public OpenID Connect server.
https://plugins.jenkins.io/oic-auth
MIT License

Session Timeout not working when integrating with oic auth plugin #380

Open zhassanpixel opened 2 weeks ago

zhassanpixel commented 2 weeks ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.401.2
OS: Linux - 6.8.0-1014-aws
Java: 11.0.24 - Ubuntu (OpenJDK 64-Bit Server VM)
---
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
bootstrap5-api:5.3.2-3
bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_
branch-api:2.1128.v717130d4f816
build-timeout:1.31
caffeine-api:3.1.8-133.v17b_1ff2e0599
checks-api:2.0.2
cloudbees-folder:6.858.v898218f3609d
commons-lang3-api:3.16.0-82.ve2b_07d659d95
commons-text-api:1.11.0-94.v3e1f4a_926e49
credentials:1319.v7eb_51b_3a_c97b_
credentials-binding:642.v737c34dea_6c2
display-url-api:2.204.vf6fddd8a_8b_e9
durable-task:568.v8fb_5c57e8417
echarts-api:5.4.0-7
email-ext:2.105
font-awesome-api:6.5.1-2
generic-webhook-trigger:2.0.1
git:5.2.1
git-client:4.6.0
github:1.37.3.1
github-api:1.321-468.v6a_9f5f2d5a_7e
github-branch-source:1771.v59b_6a_fa_1b_89e
gradle:2.12
instance-identity:185.v303dc7c645f9
ionicons-api:74.v93d5eb_813d5f
jackson2-api:2.15.3-363.v82c51b_de9f60
jakarta-activation-api:2.1.3-1
jakarta-mail-api:2.1.3-1
javax-activation-api:1.2.0-7
javax-mail-api:1.6.2-10
jaxb:2.3.9-1
jjwt-api:0.11.5-112.ve82dfb_224b_a_d
jquery3-api:3.7.1-1
junit:1265.v65b_14fa_f12f0
ldap:725.v3cb_b_711b_1a_ef
mailer:470.vc91f60c5d8e2
matrix-auth:3.2.2
matrix-project:818.v7eb_e657db_924
mina-sshd-api-common:2.12.1-101.v85b_e08b_780dd
mina-sshd-api-core:2.12.1-101.v85b_e08b_780dd
oic-auth:4.290.v6f5e8da_e98b_2
okhttp-api:4.11.0-172.vda_da_1feeb_c6e
pam-auth:1.11
pipeline-build-step:540.vb_e8849e1a_b_d8
pipeline-github-lib:61.v629f2cc41d83
pipeline-graph-analysis:216.vfd8b_ece330ca_
pipeline-groovy-lib:689.veec561a_dee13
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:119.vdfdc43fc3b_9a_
pipeline-model-api:2.2150.v4cfd8916915c
pipeline-model-definition:2.2150.v4cfd8916915c
pipeline-model-extensions:2.2150.v4cfd8916915c
pipeline-rest-api:2.34
pipeline-stage-step:312.v8cd10304c27a_
pipeline-stage-tags-metadata:2.2150.v4cfd8916915c
pipeline-stage-view:2.34
plain-credentials:182.v468b_97b_9dcb_8
plugin-util-api:3.8.0
resource-disposer:0.23
role-strategy:689.v731678c3e0eb_
scm-api:676.v886669a_199a_a_
script-security:1354.va_70a_fe478c7f
snakeyaml-api:2.2-121.v5a_68b_9300b_d4
ssh-credentials:337.v395d2403ccd4
ssh-slaves:2.948.vb_8050d697fec
structs:325.vcb_307d2a_2782
timestamper:1.27
token-macro:384.vf35b_f26814ec
trilead-api:2.84.86.vf9c960e9b_458
variant:60.v7290fc0eb_b_cd
workflow-aggregator:600.vb_57cdd26fdd7
workflow-api:1291.v51fd2a_625da_7
workflow-basic-steps:1058.vcb_fc1e3a_21a_9
workflow-cps:3837.v305192405b_c0
workflow-durable-task-step:1331.vc8c2fed35334
workflow-job:1326.ve643e00e9220
workflow-multibranch:770.v1a_d0708dd1f6
workflow-scm-step:427.v4ca_6512e7df1
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:920.v59f71ce16f04
ws-cleanup:0.46
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 24.04 LTS

Reproduction steps

1. Set the JENKINS_OPTS session timeout (JENKINS_OPTS=--sessionTimeout=2 --sessionEviction=4)
2. Log in and wait 4 minutes; it should log you out
3. Integrate with the oic-auth plugin

Expected Results

It should log you out after 4 minutes.

Actual Results

It keeps the session open for almost a day.

Anything else?

No response

Are you interested in contributing a fix?

No response

michael-doubez commented 2 weeks ago

Those parameters handle the Jetty session timeout. I don't think the plugin has any impact.

Can you run the following in the console?

```groovy
import org.kohsuke.stapler.Stapler;

// Inactivity timeout of the current HTTP session, converted from seconds to minutes
Stapler.getCurrentRequest().getSession().getMaxInactiveInterval() / 60
```

zhassanpixel commented 2 weeks ago

HYG Result: Session@6d5b15a7{id=node01rshgy07xth66ukyfo5uj3pyg13791,x=node01rshgy07xth66ukyfo5uj3pyg13791.node0,req=1,res=true}

michael-doubez commented 2 weeks ago

@zhassanpixel Sorry. Wrong copy/paste on my phone :(

The goal is to have the stapler configuration

zhassanpixel commented 2 weeks ago

Result: 2

But since I installed the plugin it doesn't log me out.

rsareth commented 2 weeks ago

I faced an issue on it too. After the timeout, people face the HTTP 403 error page, so they need to clean their cookies to be able to log in. I had to downgrade the plugin.

eva-mueller-coremedia commented 6 days ago

> I faced an issue on it too. After the timeout, people face the HTTP 403 error page, so they need to clean their cookies to be able to log in. I had to downgrade the plugin

I cannot confirm this behaviour. Configuration


I need to update my comment. I observe the following behaviour when trying to log out:

```text
2024-09-09T15:01:28.005193335Z 2024-09-09 15:01:27.997+0000 [id=95]     WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 9998156e-b366-4a5a-b5b9-9400f9dac087
2024-09-09T15:01:28.005227668Z java.lang.IllegalArgumentException: User must not be null
2024-09-09T15:01:28.005230626Z  at org.springframework.util.Assert.notNull(Assert.java:201)
2024-09-09T15:01:28.005232918Z  at PluginClassLoader for cm-oic-auth//org.jenkinsci.plugins.oic.OicSecurityRealm.doLogout(OicSecurityRealm.java:1294)
2024-09-09T15:01:28.005235085Z  at jenkins.model.Jenkins.doLogout(Jenkins.java:4417)
```

See also: https://github.com/jenkinsci/oic-auth-plugin/blob/4.331.vd925b_f76f3a_c/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java#L1268

Additionally, I can't use the script console anymore


This behaviour vanishes when I increase the session options...
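
Added example (not part of the thread and not the plugin's code): a log scan for administrators who want to see how often the logout failure quoted above occurs on their controller. It assumes log lines in the format of that excerpt, including the leading container timestamp; the trailing INFO line in the sample is constructed.

```python
import re

# Constructed sample: the trace quoted in the comment above plus one unrelated line.
SAMPLE_LOG = """\
2024-09-09T15:01:28.005193335Z 2024-09-09 15:01:27.997+0000 [id=95]     WARNING h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 9998156e-b366-4a5a-b5b9-9400f9dac087
2024-09-09T15:01:28.005227668Z java.lang.IllegalArgumentException: User must not be null
2024-09-09T15:01:28.005230626Z  at org.springframework.util.Assert.notNull(Assert.java:201)
2024-09-09T15:01:28.005232918Z  at PluginClassLoader for cm-oic-auth//org.jenkinsci.plugins.oic.OicSecurityRealm.doLogout(OicSecurityRealm.java:1294)
2024-09-09T15:01:28.005235085Z  at jenkins.model.Jenkins.doLogout(Jenkins.java:4417)
2024-09-09T15:02:00.000000000Z 2024-09-09 15:02:00.000+0000 [id=12]     INFO    constructed.Example#run: unrelated line
"""

PREFIX = re.compile(r"^\d{4}-\d{2}-\d{2}T[\d:.]+Z ")  # container timestamp on every line
HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} [\d:.]+\+\d{4}) \[id=\d+\]\s+\w+\s+(.*)$")
EXC_ID = re.compile(r"Caught unhandled exception with ID ([0-9a-f-]{36})")
FRAME = re.compile(r"^\s+at (?:PluginClassLoader for ([^/]+)//)?([\w.$]+)\(")
TARGET = "org.jenkinsci.plugins.oic.OicSecurityRealm.doLogout"


def find_logout_failures(log_text):
    """Return unhandled exceptions whose stack passes through OicSecurityRealm.doLogout."""
    events, current = [], None
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw, count=1)
        header = HEADER.match(line)
        if header:
            # A new log record starts; track it only if it announces an exception ID.
            exc = EXC_ID.search(header.group(2))
            current = None
            if exc:
                current = {"id": exc.group(1), "timestamp": header.group(1),
                           "message": None, "plugin": None, "in_logout": False}
                events.append(current)
            continue
        if current is None:
            continue
        frame = FRAME.match(line)
        if frame is None:
            if current["message"] is None and line.strip():
                current["message"] = line.strip()  # first non-frame line is the exception
        elif frame.group(2) == TARGET:
            current["in_logout"] = True
            current["plugin"] = frame.group(1)  # plugin class loader name, if logged
    return [e for e in events if e["in_logout"]]


if __name__ == "__main__":
    for event in find_logout_failures(SAMPLE_LOG):
        print(event)
```
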