Shiva Konduru
2018-11-11 09:55:21 UTC
Hi,
Given below is my Jenkins configuration using Windows 2016.
1. Jenkins is behind a NAT running on Windows 2016 EC2 instance behind a
load balancer.
2. I can access internet from Jenkins and I can confirm that there is no
proxy configuration on the Jenkins itself.
3. I manage to configure the OpenId based authentication for my
organization and I see that it works fine when I assign a public IP to the
machine.(Note that I still access it through the load balancer).
4. When I do not assign the public IP to the machine, after configuring
the openid, I get the following message if I choose anything other than
Anonymous users can do anything:
5. Jenkins does manage to redirect me to my Identity Provider when I hit
the home URL but once the IDP Provider redirects me to
<MyEndPoint>/securityRealm/finishLogin, I get the following error:
com.google.api.client.auth.oauth2.TokenResponseException: 405 Method Not Allowed
<html><head><title>Error</title></head><body>HTTP method POST is not
supported by this URL</body></html>
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at com.google.api.client.auth.openidconnect.IdTokenResponse.execute(IdTokenResponse.java:120)
at org.jenkinsci.plugins.oic.OicSecurityRealm$3.onSuccess(OicSecurityRealm.java:328)
at org.jenkinsci.plugins.oic.OicSession.doFinishLogin(OicSession.java:108)
at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:564)
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
Can someone please advice me what I am doing wrong here?
I tried performing the following steps:
1. Disabled XS scripting forgery option.
2. Enabled XSS option but did not enable Proxy compatibility.
3. Enabled XSS option & Enabled Proxy compatibility.
Other than these steps, I have not been able to figure out what else I
can try to make this work. Hoping to get some guidance from
community.
Happy Building,
Regards,
-Shiva
Given below is my Jenkins configuration using Windows 2016.
1. Jenkins is behind a NAT running on Windows 2016 EC2 instance behind a
load balancer.
2. I can access internet from Jenkins and I can confirm that there is no
proxy configuration on the Jenkins itself.
3. I manage to configure the OpenId based authentication for my
organization and I see that it works fine when I assign a public IP to the
machine.(Note that I still access it through the load balancer).
4. When I do not assign the public IP to the machine, after configuring
the openid, I get the following message if I choose anything other than
Anonymous users can do anything:
5. Jenkins does manage to redirect me to my Identity Provider when I hit
the home URL but once the IDP Provider redirects me to
<MyEndPoint>/securityRealm/finishLogin, I get the following error:
com.google.api.client.auth.oauth2.TokenResponseException: 405 Method Not Allowed
<html><head><title>Error</title></head><body>HTTP method POST is not
supported by this URL</body></html>
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at com.google.api.client.auth.openidconnect.IdTokenResponse.execute(IdTokenResponse.java:120)
at org.jenkinsci.plugins.oic.OicSecurityRealm$3.onSuccess(OicSecurityRealm.java:328)
at org.jenkinsci.plugins.oic.OicSession.doFinishLogin(OicSession.java:108)
at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:564)
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117)
at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:130)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
Can someone please advice me what I am doing wrong here?
I tried performing the following steps:
1. Disabled XS scripting forgery option.
2. Enabled XSS option but did not enable Proxy compatibility.
3. Enabled XSS option & Enabled Proxy compatibility.
Other than these steps, I have not been able to figure out what else I
can try to make this work. Hoping to get some guidance from
community.
Happy Building,
Regards,
-Shiva
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAKnqCA%2BQiksyaoteqXMe-ukRTyUOs5jmBV82ZkZ4rEZPu7G7ZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+***@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAKnqCA%2BQiksyaoteqXMe-ukRTyUOs5jmBV82ZkZ4rEZPu7G7ZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.