Re: SSO with OAUTH/OIDC between OpenShift and Jenkins not working
Thanks Joel & Jordan. Deleted all the routes and created a new one with the same name as the 127.0.0.1.nip.io host but with a new host name and everything worked great. (Jenkins times out but i'm going to see if I just need to add some memory to the vm. Java's CPU is spiking at 100% On Sat, Nov 18, 2017 at 12:18 AM Jordan Liggittwrote: > Or add the new route to the service account annotations as well (it can > allow more than one) > > On Sat, Nov 18, 2017 at 12:15 AM, Joel Pearson < > japear...@agiledigital.com.au> wrote: > >> I’ve had this problem too. You need to use the original route name (you >> can change the host name) as the Jenkins service account refers to the >> route name for oauth purposes. >> On Sat, 18 Nov 2017 at 4:13 pm, Marc Boorshtein >> wrote: >> >>> I have a fresh install of Origin 3.6.1 on CentOS 7. In my project I >>> created a new persistent jenkins from the template included in origin with >>> oauth enabled. It creates a route to 127.0.0.1.nip.io. When I create >>> a new route with a routable domain name, and I try to login I get the >>> following error: >>> >>> { >>> "error": "invalid_request", >>> "error_description": "The request is missing a required parameter, >>> includes an invalid parameter value, includes a parameter more than once, >>> or is otherwise malformed.", >>> "state": "NGEyNWJlOTgtZTZlZC00" >>> } >>> >>> The redirect looks like: >>> >>> https://oslocal.tremolo.lan:8443/oauth/authorize?client_id=system:serviceaccount:jjacksontest:jenkins_uri=https://jenkins-jjacksontest.192.168.2.140.nip.io/securityRealm/finishLogin_type=code=user:info >>> user:check-access=NGEyNWJlOTgtZTZlZC00 >>> >>> I suspect the issue is that the redirect_uri is different then what is >>> expected, but I can't find a secret or environment variable to set so it >>> knows the correct redirect_uri. Is there some place I can set that? >>> >>> Thanks >>> >>> Marc >>> >>> ___ >>> users mailing list >>> users@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>> >> >> ___ >> users mailing list >> users@lists.openshift.redhat.com >> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >> >> > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
Re: SSO with OAUTH/OIDC between OpenShift and Jenkins not working
I’ve had this problem too. You need to use the original route name (you can change the host name) as the Jenkins service account refers to the route name for oauth purposes. On Sat, 18 Nov 2017 at 4:13 pm, Marc Boorshteinwrote: > I have a fresh install of Origin 3.6.1 on CentOS 7. In my project I > created a new persistent jenkins from the template included in origin with > oauth enabled. It creates a route to 127.0.0.1.nip.io. When I create a > new route with a routable domain name, and I try to login I get the > following error: > > { > "error": "invalid_request", > "error_description": "The request is missing a required parameter, includes > an invalid parameter value, includes a parameter more than once, or is > otherwise malformed.", > "state": "NGEyNWJlOTgtZTZlZC00" > } > > The redirect looks like: > > https://oslocal.tremolo.lan:8443/oauth/authorize?client_id=system:serviceaccount:jjacksontest:jenkins_uri=https://jenkins-jjacksontest.192.168.2.140.nip.io/securityRealm/finishLogin_type=code=user:info > user:check-access=NGEyNWJlOTgtZTZlZC00 > > I suspect the issue is that the redirect_uri is different then what is > expected, but I can't find a secret or environment variable to set so it > knows the correct redirect_uri. Is there some place I can set that? > > Thanks > > Marc > > ___ > users mailing list > users@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
SSO with OAUTH/OIDC between OpenShift and Jenkins not working
I have a fresh install of Origin 3.6.1 on CentOS 7. In my project I created a new persistent jenkins from the template included in origin with oauth enabled. It creates a route to 127.0.0.1.nip.io. When I create a new route with a routable domain name, and I try to login I get the following error: { "error": "invalid_request", "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.", "state": "NGEyNWJlOTgtZTZlZC00" } The redirect looks like: https://oslocal.tremolo.lan:8443/oauth/authorize?client_id=system:serviceaccount:jjacksontest:jenkins_uri=https://jenkins-jjacksontest.192.168.2.140.nip.io/securityRealm/finishLogin_type=code=user:info user:check-access=NGEyNWJlOTgtZTZlZC00 I suspect the issue is that the redirect_uri is different then what is expected, but I can't find a secret or environment variable to set so it knows the correct redirect_uri. Is there some place I can set that? Thanks Marc ___ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users