-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[REGRESSION] After updating from 2.5 to 2.6 my user do not detect any groups provided by Oic Application #236
Comments
@Madball777123 thanks. Do you mean that you lost the whole configuration ? |
Lost Jenkins admin access after update to 2.6. Is it possible to return by deleting the lines and re-reading the config?
|
No, the configuration is present. Only new lines have been added with 2.6. And perhaps for some reason the |
I'll try to reproduce but it would help if there was something in the logs. |
Did you try to set nonceDisabled to true ? |
No, I didn't lose it, it just didn't load properly. That's my guess. |
Sorry, I missed an important point. I use keycloak. Not Okta |
I will check it tomorrow morning. |
@michael-doubez |
Same problem as you. After updating, Losted all groups in Jenkins. |
Same issue here with keycloak. Changing nonceDisabled to true did not resolve the issue either. |
Same issue with authelia, disable nonce does not solve the issue either. |
We just hit this issue too. I'm not certain this was the fix, but I did notice that the I ticked on 'POST' and after saving the settings, I was able to see my group membership from my profile page again. |
I also just experienced this issue with Keycloak and Jenkins. My only luck was, that permissions for the user directly still worked. Therefore I can tell, all permissions load as far as displaying them in the admin panel. I've checked the log as well, there is no message from the oicd plugin. I'm on Jenkins: 2.387.3 |
Whoops, another victim. We use Drupal with oauth2_server as oidc provider. Happily checking the Disable Nonce verification box did resolve the issue for us. |
Same here. Had to rollback to version 2.5 |
Hi, same problem here, I had to revert to 2.5 as I found no solution to the issue :( |
Had to rollback to version 2.5 too! |
Hi, I had the same problem, and it was fixed by forcing the config.xml (securityRealm part) to be regenerated. So yes, probably a consequence of #198 Funny thing is that I first disabled Nonce verification as suggested here on a test server, which made it work (I did it through the GUI / secuirty settings), but then I edited the config.xml directly on another server, and it was still broken. That's when I edited something else in the security settings through the GUI that it started working and it made me understood that it was probably related to some new parameter. People who disabled Nonce verification can probably activate it again. Hope this helps ;) |
Thank you for your research. You are correct in your statement. For me it did not cause any problems to reactivate the Nonce verification. |
This solved the issue for me. Thanks! |
Sorry for hijacking this issue, but trying to setup jenkins + authelia. Currently when I try to login, I see in the logs
Thanks EDIT: nvm, figured it out. userNameField: preferred_username
fullNameFieldName: name
groupsFieldName: groups
emailFieldName: email |
For me too. Thank you |
Jenkins and plugins versions report
Environment
Reproduction steps
Upgrade from 2.5 to 2.6
Expected Results
The application should be able to fetch user data
Actual Results
I was able to log in thanks to the okta session token, but I lost management access.
Only user ID was correct, and any okta group was detected, like it lost connection with OicApplication.
Anything else?
I guess those new fields broke a serialization structure.
Removing and re-typing whole oic config fixed the problem.
The text was updated successfully, but these errors were encountered: