oic-auth-plugin icon indicating copy to clipboard operation
oic-auth-plugin copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Issues with Escapehatch configuration and logging in to Jenkins to generate API token

Open pkpatrykpk opened this issue 1 year ago • 1 comments

Jenkins and plugins versions report

Environment 
Jenkins: 2.346.3
OS: Linux - 4.18.0-305.57.1.el8_4.x86_64
Java: 11.0.16.1 - Red Hat, Inc. (OpenJDK 64-Bit Server VM)
---
Parameterized-Remote-Trigger:3.1.6.3
ace-editor:1.1
ansicolor:1.0.2
ant:481.v7b_09e538fcca
antisamy-markup-formatter:155.v795fb_8702324
apache-httpcomponents-client-4-api:4.5.13-138.v4e7d9a_7b_a_e61
authentication-tokens:1.4
basic-branch-build-strategies:71.vc1421f89888e
blueocean:1.26.0
blueocean-autofavorite:1.2.5
blueocean-bitbucket-pipeline:1.26.0
blueocean-commons:1.26.0
blueocean-config:1.26.0
blueocean-core-js:1.26.0
blueocean-dashboard:1.26.0
blueocean-display-url:2.4.1
blueocean-events:1.26.0
blueocean-git-pipeline:1.26.0
blueocean-github-pipeline:1.26.0
blueocean-i18n:1.26.0
blueocean-jira:1.26.0
blueocean-jwt:1.26.0
blueocean-personalization:1.26.0
blueocean-pipeline-api-impl:1.26.0
blueocean-pipeline-editor:1.26.0
blueocean-pipeline-scm-api:1.26.0
blueocean-rest:1.26.0
blueocean-rest-impl:1.26.0
blueocean-web:1.26.0
bootstrap4-api:4.6.0-5
bootstrap5-api:5.2.1-3
bouncycastle-api:2.26
branch-api:2.1051.v9985666b_f6cc
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:1.8.0
cloud-stats:254.v47891b_b_5b_6f6
cloudbees-bitbucket-branch-source:791.vb_eea_a_476405b
cloudbees-disk-usage-simple:178.v1a_4d2f6359a_8
cloudbees-folder:6.740.ve4f4ffa_dea_54
command-launcher:90.v669d7ccb_7c31
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-27.vb_fa_3896786a_7
conditional-buildstep:1.4.2
config-file-provider:3.11.1
configuration-as-code:1569.vb_72405b_80249
configuration-as-code-groovy:1.1
credentials:1143.vb_e8b_b_ceee347
credentials-binding:523.vd859a_4b_122e6
display-url-api:2.3.6
docker-commons:1.21
docker-workflow:563.vd5d2e5c4007f
durable-task:503.v57154d18d478
echarts-api:5.4.0-1
email-ext:2.92
extended-read-permission:3.2
external-monitor-job:203.v683c09d993b_9
favorite:2.4.1
folder-properties:1.2.1
font-awesome-api:6.2.0-3
generic-webhook-trigger:1.86.1
git:4.12.1
git-client:3.13.1
git-server:1.11
github:1.34.5
github-api:1.303-400.v35c2d8258028
github-branch-source:1696.v3a_7603564d04
google-oauth-plugin:1.0.7
groovy:453.vcdb_a_c5c99890
handlebars:3.0.8
handy-uri-templates-2-api:2.1.8-22.v77d5b_75e6953
htmlpublisher:1.31
ionicons-api:31.v4757b_6987003
jackson2-api:2.14.1-313.v504cdd45c18b
jakarta-activation-api:2.0.1-2
jakarta-mail-api:2.0.1-2
javadoc:226.v71211feb_e7e9
javax-activation-api:1.2.0-5
javax-mail-api:1.6.2-8
jaxb:2.3.7-1
jdk-tool:63.v62d2fd4b_4793
jenkins-design-language:1.26.0
jersey2-api:2.37-1
jira:3.8
jjwt-api:0.11.5-77.v646c772fddb_0
jnr-posix-api:3.1.16-1
job-dsl:1.81
jquery-detached:1.2.1
jquery3-api:3.6.1-2
jsch:0.1.55.61.va_e9ee26616e7
junit:1166.va_436e268e972
kubernetes:1.31.0
kubernetes-client-api:5.10.1-171.vaa0774fb8c20
kubernetes-credentials:0.9.0
locale:204.v2a_f305fe7e9d
lockable-resources:2.18
mailer:435.v79ef3972b_5c7
mapdb-api:1.0.9.0
matrix-auth:3.1.5
matrix-project:772.v494f19991984
maven-plugin:3.20
mercurial:1260.vdfb_723cdcc81
metrics:4.2.13-420.vea_2f17932dd6
mina-sshd-api-common:2.9.2-50.va_0e1f42659a_a
mina-sshd-api-core:2.9.2-50.va_0e1f42659a_a
momentjs:1.1.1
multibranch-scan-webhook-trigger:1.0.9
oauth-credentials:0.5
oic-auth:2.5
okhttp-api:4.9.3-108.v0feda04578cf
openshift-client:1.0.38
openshift-login:1.0.29
openshift-sync:1.0.55
openstack-cloud:2.63
pam-auth:1.10
parameter-separator:1.3
parameterized-trigger:2.45
pipeline-build-step:2.18
pipeline-github-lib:38.v445716ea_edda_
pipeline-graph-analysis:195.v5812d95a_a_2f9
pipeline-groovy-lib:629.vb_5627b_ee2104
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:101.vd572fef9d926
pipeline-model-api:2.2118.v31fd5b_9944b_5
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:2.2118.v31fd5b_9944b_5
pipeline-model-extensions:2.2118.v31fd5b_9944b_5
pipeline-rest-api:2.28
pipeline-stage-step:296.v5f6908f017a_5
pipeline-stage-tags-metadata:2.2118.v31fd5b_9944b_5
pipeline-stage-view:2.28
pipeline-utility-steps:2.13.0
plain-credentials:139.ved2b_9cf7587b
plugin-util-api:2.18.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
prometheus:2.0.11
pubsub-light:1.16
rebuild:1.34
resource-disposer:0.20
role-strategy:575.v4d286a_03e6d7
run-condition:1.5
scm-api:631.v9143df5b_e4a_a
script-security:1228.vd93135a_2fb_25
snakeyaml-api:1.33-90.v80dcb_3814d35
sonar:2.14
sonar-quality-gates:1.3.1
sse-gateway:1.25
ssh-agent:295.v9ca_a_1c7cc3a_a_
ssh-credentials:305.v8f4381501156
ssh-slaves:1.834.v622da_57f702c
sshd:3.242.va_db_9da_b_26a_c3
structs:324.va_f5d6774f3a_d
subversion:2.16.0
timestamper:1.20
token-macro:321.vd7cc1f2a_52c8
trilead-api:1.67.vc3938a_35172f
variant:59.vf075fe829ccb
windows-slaves:1.8.1
workflow-aggregator:590.v6a_d052e5a_a_b_5
workflow-api:1200.v8005c684b_a_c6
workflow-basic-steps:994.vd57e3ca_46d24
workflow-cps:3536.vb_8a_6628079d5
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1217.v38306d8fa_b_5c
workflow-job:1207.ve6191ff089f8
workflow-multibranch:716.vc692a_e52371b_
workflow-remote-loader:1.5
workflow-scm-step:400.v6b_89a_1317c9a_
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.43

What Operating System are you using (both controller, and any agents involved in the problem)?

linux

Reproduction steps

  • Attempt to generate a token through the Jenkins API by providing the Escapehatch user credentials (user:password).

  • Observe that the token generation fails with an error message.

  • Log in with Escapehatch user credentials manually.

  • Attempt to generate a token through the Jenkins API by providing the same Escapehatch user credentials (user:password).

  • Observe that the token generation is successful without any errors.

  • Repeat above steps using the Jenkins CLI instead of the Jenkins API.

Expected Results

Generate API token

Actual Results

[2023-04-07 11:58:43.707]: + java -jar /tmp/jenkins-cli.jar -s HOST -auth **** -webSocket groovy = [2023-04-07 11:58:47.873]:
[2023-04-07 11:58:47.873]: ERROR: Unexpected exception occurred while performing groovy command. [2023-04-07 11:58:47.873]: java.lang.NullPointerException: Cannot invoke method getProperty() on null object [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.NullObject.invokeMethod(NullObject.java:91) [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.callsite.PogoMetaClassSite.call(PogoMetaClassSite.java:47) [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.callsite.NullCallSite.call(NullCallSite.java:34) [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:47) [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:116) [2023-04-07 11:58:47.873]: at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128) [2023-04-07 11:58:47.873]: at RemoteClass.run(RemoteClass:12) [2023-04-07 11:58:47.873]: at groovy.lang.GroovyShell.runScriptOrMainOrTestOrRunnable(GroovyShell.java:263) [2023-04-07 11:58:47.873]: at groovy.lang.GroovyShell.run(GroovyShell.java:507) [2023-04-07 11:58:47.873]: at groovy.lang.GroovyShell.run(GroovyShell.java:486) [2023-04-07 11:58:47.873]: at hudson.cli.GroovyCommand.run(GroovyCommand.java:73) [2023-04-07 11:58:47.874]: at hudson.cli.CLICommand.main(CLICommand.java:252) [2023-04-07 11:58:47.874]: at hudson.cli.CLIAction$ServerSideImpl.run(CLIAction.java:299) [2023-04-07 11:58:47.874]: at hudson.cli.CLIAction$1.lambda$opened$0(CLIAction.java:154) [2023-04-07 11:58:47.874]: at java.base/java.lang.Thread.run(Thread.java:829)

Anything else?

I am writing to report an issue with the Escapehatch configuration and logging in to Jenkins. Specifically, I am having trouble generating a token when attempting to log in through the Escapehatch user, but I am able to log in using the same credentials manually. This problem occurs when trying to generate tokens through both the Jenkins API and the Jenkins CLI (both by providing user:password).

Could you please investigate this issue and provide guidance on how to resolve it? Any assistance would be greatly appreciated.

pkpatrykpk avatar Apr 07 '23 11:04 pkpatrykpk

Escape Hatch doesn't have a user associated, it is only a way to login with admin rights.

What are you trying to achieve ?

michael-doubez avatar Apr 10 '24 11:04 michael-doubez