[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title roadrunner2 commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users For Apache I think the more proper setting is: RequestHeader unset Authorization (verified this fixes the issues for me too) Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Krasimir Popov commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users What kind of webserver you use to proxy the requests. You need to ensure that all other unnecessary authentication headers are removed (Not proxied to jenkins jetty server). In the case of swarm it is basic auth and the header that you have to remove is Authorization. For nginx proxy_set_header Authorization ""; For Apache RequestHeader set Authorization "" I believe that this is more feature rather then a bug, jenkins security is improved and now there is better order of security layers. If Authorization header is present then jenkins follows to that and you will get 401. Your X-Forwarded-For header is ignored in that case. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Chance Zibolski commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users I think I am also hitting this. I can auth as my user, but my swarm agents aren't able to get through. The proxy is authenticating them successfully, and should be forwarding the user via the X-Forwarded-For header which is how I've configured jenkins, but the agents just are stuck 401ing the whole time against the /plugin/swarm/slaveInfo url. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Krasimir Popov commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users Glad to hear that. Cheers... Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Laurent Le Grandois commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users Hi Krasimir, it works !! Config for Apache is : RequestHeader set Authorization "" Thanks Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Krasimir Popov commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users I was just digging into a problem with Jenkins swarm plugin that I had after the upgrade and I noticed then now they changed the order of authentication somehow and if Authorization: Basic is present it will take advantage over the custom header you are sending to the Reverse proxy auth plugin. The result of this is that you will get 401 HTTP error from the Jetty server. You need to configure your apache to remove the Authorization header. For nginx I did proxy_set_header Authorization ""; Not sure what is the equivalent for Apache. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Laurent Le Grandois edited a comment on JENKINS-49274 Re: Reverse proxy auth is not authenticating users Authorization: Basic is correctly setted and other backends behind this reverse-proxy (Alfresco, Nexus, etc ..) got user id from Apache. PS : sorry, didn't see your html file : no, header doesn't appear Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Laurent Le Grandois commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users Authorization: Basic is correctly setted and other backends behind this reverse-proxy (Alfresco, Nexus, etc ..) got user id from Apache. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Krasimir Popov commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users When you visit https://yourjenkinsurl/whoAmI/ do you have the X-Alfresco-Remote-User present there? Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title
Laurent Le Grandois edited a comment on JENKINS-49274
Re: Reverse proxy auth is not authenticating users
Hi, here is the configuration :Centos 7 : * httpd-2.4.6-67.el7.centos.6.x86_64 * jenkins-2.105-1.1.noarchJenkins config :{code:java} false uid={0} 15 X-Alfresco-Remote-User X-Forwarded-Groups | false {code}Apache config : {code:java} AuthBasicProvider file ldap AuthType Basic AuthName "Ldap Authentication" AuthUserFile "/etc/httpd/security/passwd" AuthLDAPURL ldaps:?uid AuthLDAPBindDN uid=*** AuthLDAPBindPassword "***" Require valid-user RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1,NS] RequestHeader set X-Alfresco-Remote-User "%{RU}e" RewriteRule ^ - [E=X-Alfresco-Remote-User:${uc:%{LA-U:X-Alfresco-Remote-User}},NS,L] Options +Indexes RewriteCond % { REQUEST_URI} ^/computer/.*$ RewriteRule ^/computer/(.*)$ /jenkins/computer/$1 [L,R] ProxyPass /jenkins http://localhost:8080/jenkins ProxyPassReverse /jenkins http://localhost:8080/jenkins{ code}
Add Comment
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title
Laurent Le Grandois commented on JENKINS-49274
Re: Reverse proxy auth is not authenticating users
Hi, here is the configuration : Centos 7 :
httpd-2.4.6-67.el7.centos.6.x86_64
jenkins-2.105-1.1.noarch
Jenkins config :
"org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm" plugin="reverse-proxy-auth-plugin@1.5">
false
uid={0}
15
X-Alfresco-Remote-User
X-Forwarded-Groups
|
false
Apache config :
AuthBasicProvider file ldap
AuthType Basic
AuthName "Ldap Authentication"
AuthUserFile "/etc/httpd/security/passwd"
AuthLDAPURL ldaps:?uid
AuthLDAPBindDN uid=***
AuthLDAPBindPassword "***"
Require valid-user
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1,NS]
RequestHeader set X-Alfresco-Remote-User "%{RU}e"
RewriteRule ^ - [E=X-Alfresco-Remote-User:${uc:%{LA-U:X-Alfresco-Remote-User}},NS,L]
Options +Indexes
Add Comment
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Krasimir Popov commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users For me it works fine with the Snapshot build and with the official 1.6.3 release. Jenkins ver. 2.105 and Plugin v1.6.3 in production since this morning and no issues since then. Laurent Le Grandois give more details about your entire setup so we can reproduce. Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-49274) Reverse proxy auth is not authenticating users
Title: Message Title Laurent Le Grandois commented on JENKINS-49274 Re: Reverse proxy auth is not authenticating users Same problem with 1.6.3 : févr. 09, 2018 7:38:33 AM org.jenkinsci.plugins.reverse_proxy_auth.auth.DefaultReverseProxyAuthenticator authenticate INFOS: DefaultReverseProxyAuthenticator::authenticate ==> null to null févr. 09, 2018 7:38:33 AM org.jenkinsci.plugins.reverse_proxy_auth.auth.DefaultReverseProxyAuthenticator authenticate INFOS: DefaultReverseProxyAuthenticator::authenticate ==> null to null févr. 09, 2018 7:38:33 AM org.jenkinsci.plugins.reverse_proxy_auth.auth.DefaultReverseProxyAuthenticator authenticate INFOS: DefaultReverseProxyAuthenticator::authenticate ==> null to null Need to revert to 1.5 Add Comment This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
