[JIRA] (JENKINS-53859) Login fails consistently with "No subject alternative DNS name matching login.microsoftonline.com found"
Title: Message Title Ole Tolshave commented on JENKINS-53859 Re: Login fails consistently with "No subject alternative DNS name matching login.microsoftonline.com found" I am so sorry! This was due to a configuration error on our side. What happened was that a NAT rule was set up on the docker host running Jenkins. This had the effect of redirecting HTTPS traffic for all docker containers. When logging on with the Azure AD plugin the outbound request for https://login.microsoftonline.com ended up at the wrong host, which caused the "No subject alternative DNS name matching login.microsoftonline.com found." The wrong target host actually had HTTPS running, but of course using a different certificate. I fixed the NAT rule on the host and Azure AD logon works again! So this issue can be closed. I apologize for wasting anyones time. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-53859) Login fails consistently with "No subject alternative DNS name matching login.microsoftonline.com found"
Title: Message Title Ole Tolshave created an issue Jenkins / JENKINS-53859 Login fails consistently with "No subject alternative DNS name matching login.microsoftonline.com found" Issue Type: Bug Assignee: Azure DevOps Attachments: StackTrace.txt Components: azure-ad-plugin Created: 2018-10-01 19:44 Environment: Docker image: "FROM jenkins/jenkins:lts". Runs on Debian GNU/Linux 9 (stretch). Priority: Major Reporter: Ole Tolshave Jenkins installation has been running fine for a few months, using Azure AD version 0.3.1. Suddenly (first failure encountered on 30-SEP-2018 - was definitely working on 28-SEP-2018) all logins through Azure SSO fails with the "Oops!" Jenkins error and error message "java.security.cert.CertificateException: No subject alternative DNS name matching login.microsoftonline.com found." Full stack trace is attached as "StackTrace.txt". The Azure SSO account used for login works fine on the Azure portal and another internal site, so I do not suspect that the user account is the problem. I would suspect either an expired certificate somewhere or perhaps a policy change based on the current time?