login to jenkins failed if openid provider not return group info #461

Open
caichao1103 opened this issue Nov 12, 2024 · 14 comments

Jenkins and plugins versions report

Jenkins version : 2.452.4
plugin version: 4.418.vccc7061f5b_6d

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 22.04.3 LTS

Reproduction steps

Our OpenID provider does not provide group info. This caused login to Jenkins to fail. The error messages are below:

Nov 12 02:23:36 fcai-vm-01 jenkins[161716]: 2024-11-12 02:23:36.226+0000 [id=5809]#011WARNING#011o.j.plugins.oic.OicSecurityRealm#compileJMESPath: groups field config failed io.burt.jmespath.parser.ParseException: Unable to compile expression "": syntax error mismatched input '<EOF>' expecting {'!', '(', '*', '[', '{', '[?', '@', '', RAW_STRING, JSON_CONSTANT, NAME, STRING} at position 0
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: 2024-11-12 02:24:08.913+0000 [id=5809]#011WARNING#011o.e.j.s.h.ContextHandler$Context#log: Error while serving http://fcai-vm-01:8080/securityRealm/finishLogin
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: java.lang.IllegalArgumentException: The value must not be null or empty string
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.id.Identifier.<init>(Identifier.java:95)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.Token.<init>(Token.java:52)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.RefreshToken.<init>(RefreshToken.java:79)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.RefreshToken.parse(RefreshToken.java:121)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.token.OIDCTokens.parse(OIDCTokens.java:205)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.OIDCTokenResponse.parse(OIDCTokenResponse.java:164)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.OIDCTokenResponse.parse(OIDCTokenResponse.java:196)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser.parse(OIDCTokenResponseParser.java:78)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.executeTokenRequest(OidcAuthenticator.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.validate(OidcAuthenticator.java:165)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.core.client.BaseClient.lambda$retrieveCredentials$0(BaseClient.java:75)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at java.base/java.util.Optional.ifPresent(Optional.java:183)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:72)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:145)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:1272)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: Caused: java.lang.reflect.InvocationTargetException
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:401)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:224)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.invoke(Stapler.java:698)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.service(Stapler.java:248)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:163)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.util.HttpServletFilter$1.doFilter(HttpServletFilter.java:76)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:166)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.ErrorAttributeFilter.doFilter(ErrorAttributeFilter.java:29)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.jenkinsci.plugins.oic.OicSecurityRealm$1.doFilter(OicSecurityRealm.java:863)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:145)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:569)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1580)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1553)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.Server.handle(Server.java:563)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at java.base/java.lang.Thread.run(Thread.java:829)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: 2024-11-12 02:24:08.919+0000 [id=5809]#011WARNING#011h.i.i.InstallUncaughtExceptionHandler#handleException: Caught unhandled exception with ID 43575e6e-eaca-40d4-95ac-545fed58f74f
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: java.lang.IllegalArgumentException: The value must not be null or empty string
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.id.Identifier.<init>(Identifier.java:95)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.Token.<init>(Token.java:52)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.RefreshToken.<init>(RefreshToken.java:79)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.RefreshToken.parse(RefreshToken.java:121)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.token.OIDCTokens.parse(OIDCTokens.java:205)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.OIDCTokenResponse.parse(OIDCTokenResponse.java:164)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.OIDCTokenResponse.parse(OIDCTokenResponse.java:196)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser.parse(OIDCTokenResponseParser.java:78)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.executeTokenRequest(OidcAuthenticator.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.oidc.credentials.authenticator.OidcAuthenticator.validate(OidcAuthenticator.java:165)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.core.client.BaseClient.lambda$retrieveCredentials$0(BaseClient.java:75)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at java.base/java.util.Optional.ifPresent(Optional.java:183)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:72)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:145)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:1272)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: Caused: javax.servlet.ServletException
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:818)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:224)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:770)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.invoke(Stapler.java:900)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.invoke(Stapler.java:698)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.Stapler.service(Stapler.java:248)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:163)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.util.HttpServletFilter$1.doFilter(HttpServletFilter.java:76)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:166)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.ErrorAttributeFilter.doFilter(ErrorAttributeFilter.java:29)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:160)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.jenkinsci.plugins.oic.OicSecurityRealm$1.doFilter(OicSecurityRealm.java:863)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:145)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:569)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1580)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1553)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.Server.handle(Server.java:563)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at java.base/java.lang.Thread.run(Thread.java:829)
`

Expected Results

Log in to Jenkins successfully

Actual Results

Failed to log in to Jenkins

Anything else?

No response

Are you interested in contributing a fix?

No response

@biru-codeastromer

@caichao1103 Hey sir, can I work on this issue?

@eva-mueller-coremedia
Contributor

@caichao1103 What did you specify as Groups field name in the configuration backend? Did you specify "" or did you leave the field empty?

@caichao1103
Author

> @caichao1103 What did you specify as Groups field name in the configuration backend? Did you specify "" or did you leave the field empty?

I left it empty @eva-mueller-coremedia

@eva-mueller-coremedia
Contributor

@caichao1103

  • Which provider do you use?
  • What is the field/config name, in which your provider stores the groups of a user?

@caichao1103
Author

> @caichao1103
>
> * Which provider do you use?
>
> * What is the field/config name, in which your provider stores the groups of a user?

@eva-mueller-coremedia
The provider is developed by our own team and used internally only.
The config detail is as below.

Image

@eva-mueller-coremedia
Contributor

For me, it seems that the warning

Nov 12 02:23:36 fcai-vm-01 jenkins[161716]: 2024-11-12 02:23:36.226+0000 [id=5809]#011WARNING#011o.j.plugins.oic.OicSecurityRealm#compileJMESPath: groups field config failed io.burt.jmespath.parser.ParseException: Unable to compile expression "": syntax error mismatched input '<EOF>' expecting {'!', '(', '*', '[', '{', '[?', '@', '', RAW_STRING, JSON_CONSTANT, NAME, STRING} at position 0

is not the root cause of your problem. See https://github.com/jenkinsci/oic-auth-plugin/blob/4.418.vccc7061f5b_6d/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java#L722

The main problem seems to be the Refresh Token:

Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: 2024-11-12 02:24:08.913+0000 [id=5809]#011WARNING#011o.e.j.s.h.ContextHandler$Context#log: Error while serving http://fcai-vm-01:8080/securityRealm/finishLogin
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: java.lang.IllegalArgumentException: The value must not be null or empty string
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.id.Identifier.(Identifier.java:95)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.Token.(Token.java:52)
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.RefreshToken.(RefreshToken.java:79)
[...]
Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:1272)

@caichao1103

  • Can you ensure that your internally developed provider is a conformant OIDC provider?
  • When you login via your provider, does it return an ID token, access token, and refresh token?
    • If your provider does not support refresh token, did you disable the config "Enable Token Refresh using Refresh Tokens?"
  • Did you try to update to the latest version of the oic-auth plugin?

@caichao1103
Author

> For me, it seems that the warning
>
> Nov 12 02:23:36 fcai-vm-01 jenkins[161716]: 2024-11-12 02:23:36.226+0000 [id=5809]#011WARNING#011o.j.plugins.oic.OicSecurityRealm#compileJMESPath: groups field config failed io.burt.jmespath.parser.ParseException: Unable to compile expression "": syntax error mismatched input '<EOF>' expecting {'!', '(', '*', '[', '{', '[?', '@', '', RAW_STRING, JSON_CONSTANT, NAME, STRING} at position 0
>
> is not the root cause of your problem. See https://github.com/jenkinsci/oic-auth-plugin/blob/4.418.vccc7061f5b_6d/src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java#L722
>
> The main problem seems to be the Refresh Token:
>
> Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: 2024-11-12 02:24:08.913+0000 [id=5809]#011WARNING#011o.e.j.s.h.ContextHandler$Context#log: Error while serving http://fcai-vm-01:8080/securityRealm/finishLogin
> Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: java.lang.IllegalArgumentException: The value must not be null or empty string
> Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.id.Identifier.(Identifier.java:95)
> Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.Token.(Token.java:52)
> Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at com.nimbusds.oauth2.sdk.token.RefreshToken.(RefreshToken.java:79)
> [...]
> Nov 12 02:24:08 fcai-vm-01 jenkins[161716]: #011at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:1272)
>
> @caichao1103
>
> * Can you ensure that your internally developed provider is a conformant OIDC provider?
>
> * When you login via your provider, does it return an ID token, access token, and refresh token?
>
>   * If your provider does not support refresh token, did you disable the config "Enable Token Refresh using Refresh Tokens?"
>
> * Did you try to update to the latest version of the oic-auth plugin?

@eva-mueller-coremedia
Our production Jenkins is using oic-auth 4.303.v84089a_708ea_7, everything is OK. When we tried to update oic-auth to 4.418.vccc7061f5b_6d on our dev Jenkins, we ran into the issue.
How to disable the config - "Enable Token Refresh using Refresh Tokens" please?

@eva-mueller-coremedia
Contributor

> How to disable the config - "Enable Token Refresh using Refresh Tokens" please?

I get this option when using the manual configuration mode. Does not seem to be present when using the well-known endpoint.

@caichao1103
Author

> > How to disable the config - "Enable Token Refresh using Refresh Tokens" please?
>
> I get this option when using the manual configuration mode. Does not seem to be present when using the well-known endpoint.

@eva-mueller-coremedia
I just updated the oic plugin to the latest version, 4.438.v6e62f6782770, on the Jenkins dev environment, and did not enable the "Enable Token Refresh using Refresh Tokens" option, but I still get the same error.

@eva-mueller-coremedia
Contributor

When you login via your provider, does it return an ID token, access token, and refresh token?

@caichao1103
Author

> When you login via your provider, does it return an ID token, access token, and refresh token?

It returns an ID token.

@eva-mueller-coremedia
Contributor

Did you check for breaking changes in https://github.com/jenkinsci/oic-auth-plugin/releases since 4.303.v84089a_708ea_7?

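Like

  • https://github.com/jenkinsci/oic-auth-plugin/releases/tag/4.388.v4f73328eb_d2c
  • https://github.com/jenkinsci/oic-auth-plugin/releases/tag/4.350.v347c3b_8b_9d95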

If you consider all changes necessary due to the breaking changes and it still does not work, this is likely something for @jtnord

@caichao1103
Author

> Did you check for breaking changes in https://github.com/jenkinsci/oic-auth-plugin/releases since 4.303.v84089a_708ea_7?
>
> Like
>
> * https://github.com/jenkinsci/oic-auth-plugin/releases/tag/4.388.v4f73328eb_d2c
>
> * https://github.com/jenkinsci/oic-auth-plugin/releases/tag/4.350.v347c3b_8b_9d95
>
> If you consider all changes necessary due to the breaking changes and it still does not work, this is likely something for @jtnord

Yes, I DID check for these breaking changes.

@eva-mueller-coremedia
Contributor

It seems, when OicSecurityRealm#doFinishLogin requests the credentials

Credentials credentials = client.getCredentials(webContext, sessionStore)
                    .orElseThrow(() -> new Failure("Could not extract credentials from request"));

in the end OIDCTokens wants to parse the Access Token as well as the Refresh Token (at least in version oauth2-oidc-sdk-10.1.jar)

Maybe @jtnord can dig deeper here?
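One way to answer the question asked in this thread (does the provider return an ID token, access token, and refresh token?) is to inspect the raw token endpoint response. The following is an added example, not part of the issue or the plugin's code; the function names are hypothetical, the sample responses and tokens are constructed, and the required-field list is taken from RFC 6749 section 5.1 and OpenID Connect Core section 3.1.3.3.

```python
import base64
import json

# RFC 6749 s5.1 / OIDC Core s3.1.3.3: these are required; refresh_token is optional.
REQUIRED = ("access_token", "token_type", "id_token")
OPTIONAL = ("refresh_token",)


def check_token_response(body: str) -> dict:
    """Classify each token field as 'ok', 'missing' or 'empty'."""
    data = json.loads(body)
    report = {}
    for name in REQUIRED + OPTIONAL:
        value = data.get(name)
        if value is None:
            report[name] = "missing"
        elif isinstance(value, str) and value.strip():
            report[name] = "ok"
        else:
            report[name] = "empty"  # blank string or non-string value
    return report


def problems(report: dict) -> list:
    found = [f"{n}: required but missing" for n in REQUIRED if report[n] == "missing"]
    found += [f"{n}: present but empty" for n, s in report.items() if s == "empty"]
    return found


def id_token_claims(id_token: str) -> dict:
    """Decode the JWT payload for inspection only; no signature check."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def _fake_jwt(claims: dict) -> str:
    """Build a constructed, unsigned token used only as sample input."""
    enc = [base64.urlsafe_b64encode(json.dumps(p).encode()).rstrip(b"=").decode()
           for p in ({"alg": "none"}, claims)]
    return f"{enc[0]}.{enc[1]}."


# Constructed sample responses (not taken from the issue).
ID_ONLY = json.dumps({"id_token": _fake_jwt({"sub": "alice"}), "refresh_token": ""})
FULL = json.dumps({"access_token": "at-123", "token_type": "Bearer",
                   "id_token": _fake_jwt({"sub": "alice", "groups": ["dev"]})})

if __name__ == "__main__":
    for label, body in (("id-only", ID_ONLY), ("full", FULL)):
        print(label, problems(check_token_response(body)) or "no findings")
```

A present-but-empty `refresh_token` is reported separately from an absent one because the exception in the log above rejects a null or empty value, while an absent optional field is not a finding.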
