ReverseProxyAuth not working anymore

[Laurent Martelli]

Hi,

I've upgrade from 2.14 to 2.105, and all of a sudden, ReverseProxyAuth does jot work anymore.

Users appear anonymous to Jenkins unless they go to a URL not allowed to anonymous, where they are asked to login, and then they are appear as logged in.

I have configurer the logs to see what's going on I see this :

2018-02-07 17:54:18 FINE - org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm: USER LOGGED IN: laurent.martelli

Suggesting that the X-Forwarded-User is correctly sent by the Apache front.

Any idea of what's going wrong ? Or how to investigate the problem ?

Regards,
Laurent

[Ivan Fernandez Calvo]

If you use Apache httpd in front of Jenkins check that your config looks like this one

<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
AllowEncodedSlashes NoDecode
Timeout 5400
ProxyTimeout 5400

<Proxy "*">
Order deny,allow
Allow from all
Authtype Basic
Authname "Password Required"
AuthUserFile /usr/local/apache2/conf/passwd
Require valid-user
RequestHeader unset "X-Forwarded-User"
RequestHeader unset "X-Forwarded-Groups"
RequestHeader unset "Authorization"
RewriteEngine On

RequestHeader set "X-Forwarded-User" "%{RU}e"
RequestHeader set "X-Forwarded-Groups" "%{RU}e|users"

RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule .* - [E=RU:%1,NS]
</Proxy>

ProxyPass "/jenkins" "http://jenkins.example.com:8282/jenkins" nocanon
ProxyPassReverse "/jenkins" "http://jenkins.example.com:8282/jenkins"
</virtualhost>

[Laurent Martelli]

I was missing the "ProxyPreserveHost On". I've added it and it seems to work again now :-) Thanks.