Unable to connect slaves after enabling security

jbdundas
Hi,

We are running into a serious problem which is causing us to disable security on our Jenkins instance (Jenkins ver. 2.7.2).

1) We have about 5 slaves which are connected to this Jenkins right now and they run fine without security.
2) Now, we are trying to enable security on it and it seems to work fine (we use the Enable Security option with Matrix based Security), which also works fine.
3) We delegate authentication to our company based authentication mechanism and it works perfectly.

Now the problem part:-
1) When we enable security, it causes the nodes to disconnect and no matter what we try, it keeps giving us a 403 Forbidden error.
2) We must have tried everything to make this work. Deleted a node and tried to add a new Slave node and see if it works. Even that does not work.
3) I am feeling that the config.xml has a problem and it must be causing these issues.

We use the Java Web Start option to kickstart the node and all the nodes are on Linux.

I have gone through all the stackoverflow and google groups threads to make this work.

So I request anyone to help me understand how to fix the Master Slave setup with security enabled. Note that we have the Master Slave Control unchecked right now since we sit behind the company intranet and do not need it.

Thanks,
Jitesh

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/74d2f10f-1eb8-4c2d-bb0b-51eed5c814ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Unable to connect slaves after enabling security

Daniel Beck

> On 16.03.2017, at 07:00, jbdundas <[hidden email]> wrote:
>
> 3) We delegate authentication to our company based authentication mechanism and it works perfectly.

Is this a private plugin, or what (public) plugin handles this?


Re: Unable to connect slaves after enabling security

jbdundas
Hi Daniel,

Thanks for responding. Yes, it is a private plugin for authentication (Delegate to Servlet container. It works like a servlet filter which does cookie based authentication).

Thanks & Regards,
Jitesh Dundas

Phone - 732-357-6292




Re: Unable to connect slaves after enabling security

Daniel Beck

> On 17.03.2017, at 10:18, jitesh dundas <[hidden email]> wrote:
>
> Thanks for responding. yes it is a private plugin for authentication ( Delegate to Servlet container. It works like a servlet filter which does cookie based authentication)

Then your plugin likely does not respect the well-known URLs that should be available without authentication to anyone.

Jenkins 2.37 introduced Jenkins#isSubjectToMandatoryReadPermissionCheck(String) to allow you to check whether something is exempt from that.


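One way a cookie-based servlet filter could honor the exemption described in the reply above, as an added example that is not code from the thread, the poster's plugin, or Jenkins itself. The class name and `hasValidCompanyCookie` are hypothetical, and `javax.servlet` is assumed as the servlet API of Jenkins releases of that period:

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;

// Hypothetical cookie-authentication filter (illustration only).
public abstract class CompanyCookieAuthFilter implements Filter {

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse rsp = (HttpServletResponse) rs;

        // Path relative to the Jenkins root URL, e.g. "/login".
        String rest = req.getRequestURI().substring(req.getContextPath().length());

        // Let exempt URLs through untouched; everything else needs the cookie.
        if (!requiresAuthentication(rest) || hasValidCompanyCookie(req)) {
            chain.doFilter(req, rsp);
            return;
        }
        rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    // Ask Jenkins (2.37 or later) whether this path is subject to the
    // mandatory read-permission check. Fail closed if that cannot be decided.
    private static boolean requiresAuthentication(String rest) {
        Jenkins jenkins = Jenkins.getInstanceOrNull();
        if (jenkins == null) {
            return true; // Jenkins not fully started: treat as protected
        }
        try {
            return jenkins.isSubjectToMandatoryReadPermissionCheck(rest);
        } catch (RuntimeException e) {
            return true; // check could not be evaluated here: treat as protected
        }
    }

    // Hypothetical hook: validate the company SSO cookie against the
    // company's authentication system.
    protected abstract boolean hasValidCompanyCookie(HttpServletRequest req);
}
```

The exemption only skips the filter's own cookie requirement; Jenkins still applies its normal permission checks to whatever the request reaches.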

Re: Unable to connect slaves after enabling security

jbdundas
Hi Daniel,

Thanks for the quick response. We tested this setup on our Dev and Test environments and it works fine there.
However, when we do this on Production which is this box with the issue at hand, then it gives the 403 Forbidden error.

Thanks & Regards,
Jitesh Dundas

Phone - 732-357-6292



