New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth authentication doesn't work with Origin v1.3.x #8

Closed
danielfn opened this Issue Jan 19, 2017 · 5 comments

Comments

Projects
None yet
2 participants
@danielfn

danielfn commented Jan 19, 2017

By default, the plugin tries to get the OAuth provider with a request to .well-known/oauth-authorization-server. However, this .well-known URI only exists in Openshift Origin starting with the version v1.4.x, therefore with prior versions it fails with a 403 and the message:

"message": "User \"system:serviceaccount:myproject:jenkins\" cannot \"get\" on \"/.well-known/oauth-authorization-server\"",

@gabemontero gabemontero self-assigned this Jan 19, 2017

@gabemontero

This comment has been minimized.

Contributor

gabemontero commented Jan 19, 2017

Yes, this is intentional / expected. I can update the README to clarify, but if you want to use this plugin without manually configuring the various parameters, you need to be running against OpenShift Origin v1.4.x in order to obtain the necessary information.

Use of this plugin without configuring it explicitly and against an older version is not supported.

@gabemontero

This comment has been minimized.

Contributor

gabemontero commented Jan 19, 2017

fyi - I've updated the README.

@danielfn

This comment has been minimized.

danielfn commented Jan 20, 2017

Seems fair, thanks. I found this problem by using the instant-app Jenkins template which comes with the Ansible installation.

https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_examples/files/examples/v1.3/quickstart-templates/jenkins-persistent-template.json

Here OAuth is enabled by default, so probably it should be better to disable it completely and clarify why -- but that is an issue out of this repo, so I'm closing this one.

@danielfn danielfn closed this Jan 20, 2017

@gabemontero

This comment has been minimized.

Contributor

gabemontero commented Jan 20, 2017

Yeah, the 1.3 version of the template shouldn't be mentioning oauth. @bparees - do I remember you seeing this as well?

If @danielfn hasn't already done so, I'm going to open a PR to address.

@gabemontero

This comment has been minimized.

Contributor

gabemontero commented Jan 20, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment