Re: SSO with OAUTH/OIDC between OpenShift and Jenkins not working

2017-11-17 Thread Marc Boorshtein 
Thanks Joel & Jordan.  Deleted all the routes and created a new one with
the same name as the 127.0.0.1.nip.io host but with a new host name and
everything worked great. (Jenkins times out but i'm going to see if I just
need to add some memory to the vm.  Java's CPU is spiking at 100%

On Sat, Nov 18, 2017 at 12:18 AM Jordan Liggitt  wrote:

> Or add the new route to the service account annotations as well (it can
> allow more than one)
>
> On Sat, Nov 18, 2017 at 12:15 AM, Joel Pearson <
> japear...@agiledigital.com.au> wrote:
>
>> I’ve had this problem too. You need to use the original route name (you
>> can change the host name) as the Jenkins service account refers to the
>> route name for oauth purposes.
>> On Sat, 18 Nov 2017 at 4:13 pm, Marc Boorshtein 
>> wrote:
>>
>>> I have a fresh install of Origin 3.6.1 on CentOS 7.  In my project I
>>> created a new persistent jenkins from the template included in origin with
>>> oauth enabled.  It creates a route to 127.0.0.1.nip.io.  When I create
>>> a new route with a routable domain name, and I try to login I get the
>>> following error:
>>>
>>> {
>>>   "error": "invalid_request",
>>>   "error_description": "The request is missing a required parameter, 
>>> includes an invalid parameter value, includes a parameter more than once, 
>>> or is otherwise malformed.",
>>>   "state": "NGEyNWJlOTgtZTZlZC00"
>>> }
>>>
>>> The redirect looks like:
>>>
>>> https://oslocal.tremolo.lan:8443/oauth/authorize?client_id=system:serviceaccount:jjacksontest:jenkins_uri=https://jenkins-jjacksontest.192.168.2.140.nip.io/securityRealm/finishLogin_type=code=user:info
>>>  user:check-access=NGEyNWJlOTgtZTZlZC00
>>>
>>> I suspect the issue is that the redirect_uri is different then what is 
>>> expected, but I can't find a secret or environment variable to set so it 
>>> knows the correct redirect_uri.  Is there some place I can set that?
>>>
>>> Thanks
>>>
>>> Marc
>>>
>>> ___
>>> users mailing list
>>> users@lists.openshift.redhat.com
>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>>
>>
>> ___
>> users mailing list
>> users@lists.openshift.redhat.com
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>>
>>
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

Re: SSO with OAUTH/OIDC between OpenShift and Jenkins not working

2017-11-17 Thread Joel Pearson 
I’ve had this problem too. You need to use the original route name (you can
change the host name) as the Jenkins service account refers to the route
name for oauth purposes.
On Sat, 18 Nov 2017 at 4:13 pm, Marc Boorshtein 
wrote:

> I have a fresh install of Origin 3.6.1 on CentOS 7.  In my project I
> created a new persistent jenkins from the template included in origin with
> oauth enabled.  It creates a route to 127.0.0.1.nip.io.  When I create a
> new route with a routable domain name, and I try to login I get the
> following error:
>
> {
>   "error": "invalid_request",
>   "error_description": "The request is missing a required parameter, includes 
> an invalid parameter value, includes a parameter more than once, or is 
> otherwise malformed.",
>   "state": "NGEyNWJlOTgtZTZlZC00"
> }
>
> The redirect looks like:
>
> https://oslocal.tremolo.lan:8443/oauth/authorize?client_id=system:serviceaccount:jjacksontest:jenkins_uri=https://jenkins-jjacksontest.192.168.2.140.nip.io/securityRealm/finishLogin_type=code=user:info
>  user:check-access=NGEyNWJlOTgtZTZlZC00
>
> I suspect the issue is that the redirect_uri is different then what is 
> expected, but I can't find a secret or environment variable to set so it 
> knows the correct redirect_uri.  Is there some place I can set that?
>
> Thanks
>
> Marc
>
> ___
> users mailing list
> users@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users

SSO with OAUTH/OIDC between OpenShift and Jenkins not working

2017-11-17 Thread Marc Boorshtein 
I have a fresh install of Origin 3.6.1 on CentOS 7.  In my project I
created a new persistent jenkins from the template included in origin with
oauth enabled.  It creates a route to 127.0.0.1.nip.io.  When I create a
new route with a routable domain name, and I try to login I get the
following error:

{
  "error": "invalid_request",
  "error_description": "The request is missing a required parameter,
includes an invalid parameter value, includes a parameter more than
once, or is otherwise malformed.",
  "state": "NGEyNWJlOTgtZTZlZC00"
}

The redirect looks like:

https://oslocal.tremolo.lan:8443/oauth/authorize?client_id=system:serviceaccount:jjacksontest:jenkins_uri=https://jenkins-jjacksontest.192.168.2.140.nip.io/securityRealm/finishLogin_type=code=user:info
user:check-access=NGEyNWJlOTgtZTZlZC00

I suspect the issue is that the redirect_uri is different then what is
expected, but I can't find a secret or environment variable to set so
it knows the correct redirect_uri.  Is there some place I can set
that?

Thanks

Marc
___
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users