[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SSO with Jenkins not working



I have deployed OCP 4.3 on AWS.  I replaced the certs for the router with wildcards from letsencrypt.  TLS from my browser and from apps in openshift to the router are all working fine.  I deployed Jenkins using oc- new-app jenkins-persistent.  When I try to login I'm presented with the "Login With OpenShift" screen, I login and authorize Jenkins to access OpenShift on behalf of me but then I'm stuck in a loop of the "Login With OpenShift" screen.  Looking in the logs I see:

2020-02-04 18:48:29.870+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth: provider: OpenShiftProviderInfo: issuer: https://oauth-openshift.apps.devopsdev.tremolo.dev auth ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/authorize token ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/token
2020-02-04 18:48:29.873+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#useProviderOAuthEndpoint: OpenShift OAuth server is 4.x, specifically OpenShiftVersionInfo: major: 1 minor: 16+ gitVersion: v1.16.2
2020-02-04 18:48:29.873+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#initializeHttpsProxyAuthenticator: Checking if HTTPS proxy initialization is required ...
2020-02-04 18:48:29.887+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth got an SSL error when accessing the issuer's token endpoint when using the SA certificate
2020-02-04 18:48:29.893+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth was able to complete the SSL handshake when accessing the issuer's token endpoint using the JVMs default keystore
2020-02-04 18:48:29.894+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth returning true with namespace jenkins SA dir null default /run/secrets/kubernetes.io/serviceaccount SA name null default jenkins client ID null default system:serviceaccount:jenkins:jenkins secret null default eyJhb....... redirect null default https://oauth-openshift.apps.devopsdev.tremolo.dev server null default https://kubernetes.default:443
2020-02-04 18:48:29.915+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#getRoleToPermissionMap: OpenShift Jenkins Login Plugin could not find the openshift-jenkins-login-plugin-config config map in namespace jenkins so the default permission mapping will be used
2020-02-04 18:48:30.051+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth: provider: OpenShiftProviderInfo: issuer: https://oauth-openshift.apps.devopsdev.tremolo.dev auth ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/authorize token ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/token
2020-02-04 18:48:30.064+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#useProviderOAuthEndpoint: OpenShift OAuth server is 4.x, specifically OpenShiftVersionInfo: major: 1 minor: 16+ gitVersion: v1.16.2
2020-02-04 18:48:30.064+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#initializeHttpsProxyAuthenticator: Checking if HTTPS proxy initialization is required ...
2020-02-04 18:48:30.075+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth got an SSL error when accessing the issuer's token endpoint when using the SA certificate
2020-02-04 18:48:30.079+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth was able to complete the SSL handshake when accessing the issuer's token endpoint using the JVMs default keystore
2020-02-04 18:48:30.079+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth returning true with namespace jenkins SA dir null default /run/secrets/kubernetes.io/serviceaccount SA name null default jenkins client ID null default system:serviceaccount:jenkins:jenkins secret null default eyJhb....... redirect null default https://oauth-openshift.apps.devopsdev.tremolo.dev server null default https://kubernetes.default:443
2020-02-04 18:48:30.084+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#useProviderOAuthEndpoint: OpenShift OAuth server is 4.x, specifically OpenShiftVersionInfo: major: 1 minor: 16+ gitVersion: v1.16.2
2020-02-04 18:48:30.084+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#newOAuthSession: OpenShift OAuth using OAuth Provider specified endpoints for this login flow
2020-02-04 18:48:30.084+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#initializeHttpsProxyAuthenticator: Checking if HTTPS proxy initialization is required ...
2020-02-04 18:48:30.095+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth got an SSL error when accessing the issuer's token endpoint when using the SA certificate

Any thoughts?

Thanks
Marc

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]