[jbosstools-issues] [JBoss JIRA] (JBIDE-15830) openshift-java-client: incompatibility with OpenShift Enterprise and Origin when using the remote-user authentication plugin

Andre Dietisheim (JIRA) jira-events at lists.jboss.org
Tue Nov 5 05:38:02 EST 2013 

    [ https://issues.jboss.org/browse/JBIDE-15830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12829628#comment-12829628 ] 

Andre Dietisheim edited comment on JBIDE-15830 at 11/5/13 5:36 AM:
-------------------------------------------------------------------

sure I had a quick look at the docs, I read what should be used in theory.. But looking at the code it looks like there's no other explanation that there's no authKey being passed to the HttpClient (if there's a non-empty autKey, it's either using "OpenShift" or prepending it to the existing user-agent). Thus I was wondering if you had looked into the authKey being passed in while debugging the jenkins-plugin. Did you?
                
      was (Author: adietish):
    sure I had a quick look at the docs, I read what should be used in theory.. But looking at the code it looks like there's no other explanation that there's not authKey being passed to the HttpClient (if there's a non-empty autKey, it's either using "OpenShift" or prepending it to the existing user-agent). Thus I was wondering if you had looked into the authKey being passed in while debugging the jenkins-plugin. Did you?
                  
> openshift-java-client: incompatibility with OpenShift Enterprise and Origin when using the remote-user authentication plugin
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JBIDE-15830
>                 URL: https://issues.jboss.org/browse/JBIDE-15830
>             Project: Tools (JBoss Tools)
>          Issue Type: Bug
>          Components: openshift
>            Reporter: Brenton Leanhardt
>            Assignee: Andre Dietisheim
>              Labels: openshift-java-client
>             Fix For: 4.1.1.CR1, 4.2.0.Alpha1
>
>
> OpenShift Enterprise and Origin both ship an authentication plugin that allows parts of authentication to be handled by Apache and other parts to be delegated to the openshift-origin-controller codebase.  I've found that all versions of openshift-java-client after 2.3.0.Final change a (poorly documented) requirement for the OpenShift remote-user plugin.
> In order for a request to bypass the Apache authentication and passthrough to the OpenShift Broker the user-agent header is inspected.  If the user-agent is 'OpenShift' then the Broker will require an encrypted authentication token.  Today this is used by the jenkins cartridge but I believe it's also still used for scaling.
> You can see this for details:
> https://github.com/openshift/origin-server/blob/master/documentation/archive/how_nodes_act_on_behalf_of_users.md#how-the-encrypted-token-is-used
> In 2.3.0.Final of the openshift-java-client the user-agent was 'OpenShift' however all versions after this set the user-agent to the java version (eg, User-Agent: Java/1.7.0_45).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jbosstools-issues mailing list