  1. Artifactory Binary Repository
  2. RTFACT-15324

Crowd login fails after upgrade from 5.4.6 to 5.6

    Details

    • Type: Bug
    • Status: Done
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 5.10.0
    • Component/s: Crowd
    • Environment: CentOS 7
    • Severity: High

      Description

      After upgrading Artifactory from 5.4.6 to 5.6, our Crowd users weren't able to log in. Local users still work.

      The log states:

      2017-11-22 07:45:44,711 [http-nio-8080-exec-6] [DEBUG] (o.a.s.SecurityServiceImpl:1047) - Ensuring that user XXX should not be blocked
      2017-11-22 07:45:44,711 [http-nio-8080-exec-6] [DEBUG] (o.a.s.SecurityServiceImpl:1716) - Updating access details for user XXX, time=1511333144711, ip=xxx.xx.xx.xx
      2017-11-22 07:45:44,787 [http-nio-8080-exec-6] [DEBUG] (o.a.a.s.CrowdHttpAuthenticator:240) - Crowd token key: 'crowd.token_key', domain: '.mydomain.com', isSecure: 'false'
      2017-11-22 07:45:44,787 [http-nio-8080-exec-6] [ERROR] (o.a.a.s.SsoAddonImpl:245) - Unable to authenticate with Atlassian crowd: An invalid domain [.mydomain.com] was specified for this cookie
      2017-11-22 07:45:44,793 [http-nio-8080-exec-6] [DEBUG] (o.a.a.s.SsoAddonImpl:249) - Unable to authenticate user XXX with Atlassian crowd
      java.lang.IllegalArgumentException: An invalid domain [.mydomain.com] was specified for this cookie

      Our network setup is the following:

      • our internal domain is called .internaldomain.com, so the host is artifactory.internaldomain.com
      • Our firewall rewrites from external to internal, so artifactory.mydomain.com is rewritten to artifactory.internaldomain.com
      • Same goes for Crowd

      In Crowd we added the host for the internal domain as well as the external domain to be sure.

      We suspect this is an Artifactory bug because everything worked fine on 5.4.6.

      To reproduce

      1. Set up a Crowd instance where the cookie will contain a '.', for example '.myexample.com'
      2. Try logging in
      3. Notice this reproduces in 5.6 but not in previous versions

      NOTE: Certain Crowd servers require the '.'
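
An added example (not code from Artifactory, Crowd or this ticket) for triaging the failure logged above: it pulls the Crowd cookie domain that Artifactory logs and tests it against a strict dot-separated-label syntax. That the rejecting code applies exactly this syntax is an assumption, since the page shows only the exception message; `strict_domain_ok`, `triage` and the third log line are constructed for the example.

```python
import re

# Constructed sample: the first two lines are copied from the log in this report,
# the third is a constructed line for a cookie domain without the leading dot.
SAMPLE_LOG = """\
2017-11-22 07:45:44,787 [http-nio-8080-exec-6] [DEBUG] (o.a.a.s.CrowdHttpAuthenticator:240) - Crowd token key: 'crowd.token_key', domain: '.mydomain.com', isSecure: 'false'
2017-11-22 07:45:44,787 [http-nio-8080-exec-6] [ERROR] (o.a.a.s.SsoAddonImpl:245) - Unable to authenticate with Atlassian crowd: An invalid domain [.mydomain.com] was specified for this cookie
2017-11-22 07:46:10,102 [http-nio-8080-exec-9] [DEBUG] (o.a.a.s.CrowdHttpAuthenticator:240) - Crowd token key: 'crowd.token_key', domain: 'mydomain.com', isSecure: 'true'
"""

TOKEN_LINE = re.compile(
    r"\[(?P<thread>[^\]]+)\] \[DEBUG\] \(o\.a\.a\.s\.CrowdHttpAuthenticator:\d+\) - Crowd token key: "
    r"'[^']*', domain: '(?P<domain>[^']*)', isSecure: '(?P<secure>true|false)'")
REJECT_LINE = re.compile(
    r"\[(?P<thread>[^\]]+)\] \[ERROR\] .*An invalid domain \[(?P<domain>[^\]]*)\]")
# One DNS label: letters and digits, inner hyphens allowed, 1 to 63 characters.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\Z")


def strict_domain_ok(domain):
    """Assumed strict check: dot-separated labels, no leading or trailing dot."""
    return 0 < len(domain) <= 253 and all(LABEL.match(p) for p in domain.split("."))


def triage(log_text):
    """Return one finding per Crowd cookie configuration line found in the log."""
    lines = log_text.splitlines()
    rejected = {(m["thread"], m["domain"]) for m in map(REJECT_LINE.search, lines) if m}
    findings = []
    for m in filter(None, map(TOKEN_LINE.search, lines)):
        domain = m["domain"]
        findings.append({
            "domain": domain,
            "strict_ok": strict_domain_ok(domain),
            # The same request thread logged the cookie rejection for this domain.
            "rejected_in_log": (m["thread"], domain) in rejected,
            # RFC 6265 section 5.2.3: browsers drop one leading dot from Domain.
            "browser_equivalent": domain[1:] if domain.startswith(".") else domain,
            "secure_flag": m["secure"] == "true",  # isSecure value as logged
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```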

              People

              Assignee:
              yoazm Yoaz Menda (Inactive)
              Reporter:
              s.wartenberg Sander Wartenberg