New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Doesn't work after upgrade to Jenkins 2.150.2 #54
Comments
Same here. Windows Server 2012R2 |
And here with the official Jenkins docker image. |
The latest weekly release (2.160) is broken too. |
I'm able to reproduce as well, seems to silently fail. I'll look into it. |
So the good news is that your still logged in and the code in the plugin works as expected. which indeed was introduced due to SECURITY-901: jenkinsci/jenkins@8c490d1 So many thanks for pointing out the advisory @wschomburg because I would have been looking a long time for this. WORKAROUND: Working on an actual fix. |
rely on new code introduced in 2.150.2 we now also depend on >2.150.2 As this is related to security it might not be a bad thing, protecting others from themselves. The actual fix is setting the session attributed related to the UserSeed.
Will pick it up in the next release, there where some pending things on it already have a fix for some things I spotted. Hopefully I can resolve them soon else I might opt to revert the other changes to get this out fast. |
That's also happening to other plugins: Maybe this fix will require a more broad redesign. |
in case any runs in this issue, the best way to set the var is to add to
|
Security realms need to invoke |
Could you test with the following PR: #56 ? |
@daniel-beck that ties into #22 , @Wadeck are those all the events that need to be triggered? |
@mjmbischoff for the moment only the |
Setting
|
try -Djenkins.security.seed.UserSeedProperty.disableUserSeed=true |
@hypery2k Working 👍 (I see you've updated your former post, that's good) |
1.5 has been released, so the workaround shouldn't be necessary anymore. Can anyone reporting this issue confirm that the problem no longer persists after upgrading so I can close this? |
I verified this issue resolved. Thanks! |
ok, great. thanks! |
New version works, great work. Thank you. |
@mjmbischoff 1.5 version you mentioned, is it for LTS ? As I can see only 2.150.2 on the website https://jenkins.io/changelog-stable/ as the latest one. |
1.5 is the version of the plugin that fixes issues with the 2.150.2 jenkins LTS release. So yes you can pick up jenkins 2.150.2 (current latest LTS) and then add the openid connect plugin version 1.5 to it and it should all work. |
@mjmbischoff Thanks a lot for the reply. But in my case we dont use openid connect authentication. Only normal security from Jenkins was enabled before 2.150.2. But soon upgrading to 2.150.2 the login attempts are failing for all the users. I being the administrator cant log in as well. Thereby had to turn off the security for time being to allow members to login. Is this related to the same. |
@slayer201 Ah, euh.. yeah while this is the issue tracker for the plugin I focused on this :-) 2.150.2 introduced changes around the handling of security see If your setup doesn't match any of the issues under the 'security-901' label then I suggest creating a new issue highlighting your setup. Feel free to @ me (https://issues.jenkins-ci.org/secure/ViewProfile.jspa?name=mbischoff) and given time, I try to have a quick look. |
My testing gets fails, with a 1 error but no error message display. :( what is the problem in Jenkins, locally all of my tests are done successfully. |
After upgraded Jenkins from 2.150.1 to 2.150.2 (see Security Advisor https://jenkins.io/security/advisory/2019-01-16/), it's not possible to login into Jenkins anymore.
The text was updated successfully, but these errors were encountered: