-
Notifications
You must be signed in to change notification settings - Fork 35
Infinite Loop when redirect after login #2
Comments
Hi vittoN, this project is now part of the official jenkins community and moved to https://github.com/jenkinsci/keycloak-plugin . It is also part of the official plugin repository / update site jenkins-ci.org where you can get the current release of this plugin (for more information have a look at the official wiki page (https://wiki.jenkins.io/display/JENKINS/keycloak-plugin)). The version hosted on my private update-site as described on the readme.md is quite old and contains an error which can lead to an infinite loop if you use an keycloak server version newer than 3.0.0.Final. This error was fixed in Version 2.0.3 (https://github.com/jenkinsci/keycloak-plugin/blob/master/Changelog.md). The current version of this plugin is 2.2.0. Which plugin version do you use? The other possible reason for your infinite loop could be an error in your docker configuration. For the processing of each authentication request this plugin needs to communicate to your keycloak server for token validation and user information retrieval. Therefore this plugin uses the auth-server-url of your keycloak json configuration. If this URL can not be resolved/accessed from inside your jenkins docker container, this plugin will treat this request as unauthenticated and redirect it to the keycloak server, which checks the login and redirects again to jenkins and so on. So could you please check if your auth-server-url is reachable from inside your jenkins docker container? Kind Regards |
Hello vittoN, I had this issue before as well https://issues.jenkins-ci.org/browse/JENKINS-51549 I closed it, as per configuration, I was able to set it to work, However this doesn't work under SSL with self signed certificates, and I get the same endless loop, and I believe it to be the absence of an option to allow for no-check-certificate for example, thus entering a loop, as keycloak will always accept it, however jenkins will not give you any errors, just redirect you back to keycloak, and so on and so forth. I've close that issue at the moment, but I believe this one should be kept open, or reopened the other in the Jira so this can be attended. |
If deserialization of adapter config is failure, Jenkins becomes unavailable. Needs to be fixed manually by updating config files. This patch validates adapter config before saving.
Hi! I got same issue with Jenkins under kubernetes. I used nginx ingress to terminate ssl in ingress resource. It work perfectly however, if I integrate with keycloak it is throwing below error: I hope it is a cacert issue in the jenkins but not sure how to fix it. Could some one help me here? sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target |
URL encode user names. Handle user not found exceptions better
If you still had the infinite loop when keycloak redirect to jenkins. You should create your realm and client into keycloak before First try to read the log in your jenkins/keycloak pod or container. Configure your jenkins as below:
You can find these informations by
Try to login with jenkins, it should redirect you to keycloak and after login, Keycloak will redirect you into jenkins. |
Had an infinity loop as well. In keycloak, I inserted Using the "OpenID connect authentication" plugin works like a charm. Now I can use a more specific redirect URL again. |
Hi, i am trying to use jenkins plugin for keycloak but facing with the following problem. When i try to login from jenkins it correctly redirect me to the keycloak login page but when i insert credentials i get an endless redirect between jenkins and keycloak.
This is what i get from log:
This is my docker-compose:
Here my configuration of keycloak client:
Screenshoot of http reqests:
Thanks in advance.
The text was updated successfully, but these errors were encountered: