Several authentication-related plugins do not work on Jenkins releases with the SECURITY-901 fix.
The fix requires that security realms call
SecurityListener#loggedIn after successful authentication. If a security realm does not do either, sessions will be invalidated immediately, and users logged out again.
To disable this security fix when using a security realm that does not call
SecurityListener as described above, set the Java system property
Setting this system property will undo the additional protection provided by the security fix.
The table below lists plugins that were affected by the SECURITY-901 fix in Jenkins 2.150.2 and 2.160. The "Status" column reflects the current state. Note that this list is not exhaustive.
If you encounter a plugin that no longer works as expected due to the fix, please add it to the list. More importantly, please file a bug report, if one doesn’t exist, to help ensure that the appropriate plugin maintainer is informed.
| Plugin | Issue | Pull request | Status |
|---|---|---|---|
| Azure AD | | https://github.com/jenkinsci/azure-ad-plugin/pull/35 | Fixed in 0.3.2 (2019-01-18) |
| | JENKINS-55668 - Unable to login with Bitbucket Oauth plugin after Jenkins update (2.150.2) (Resolved) | | Fixed in 0.9 (2019-01-19) |
| CAS | | https://github.com/jenkinsci/cas-plugin/pull/2 | Fixed in 1.4.3 (2019-01-21) |
| | JENKINS-55892 - CollabNet-Plugin is not compatible with SECURITY-901 fix (Upgrading to 2.160) (In Review) | https://github.com/jenkinsci/collabnet-plugin/pull/27 | PR proposed (untested), in review |
| Google Login | n/a | n/a | Compatible since 1.4 (2018-05-30) |
| | JENKINS-55698 - SSO + CRSF causes 403 errors (Resolved) | https://github.com/jenkinsci/kerberos-sso-plugin/pull/13 | Fixed in 1.5 (2019-02-14) |
| | JENKINS-55669 - Auth plugin doesn't work after upgrade to Jenkins 2.150.2 (Resolved) | | Fixed in 2.3.0 (2019-01-20) |
| | JENKINS-55683 - Endless loop on login when using OpenID plugin after upgrading to 2.160 / 2.150.2, preventing user authentication (Resolved) | | Fixed in 2.3 (2018-01-25) |
| OpenID Connect Authentication | JENKINS-55654 - infinite redirect loop when auth provider is oidc (after update to 2.160) (Resolved) | | Fixed in 1.5 (2019-01-20) |
| Windows Negotiate SSO | JENKINS-55697 - NegotiateSSO Plugin is not compatible with SECURITY-901 FIX (Upgrading to 2.160/2.150.2) (Resolved) | https://github.com/jenkinsci/negotiatesso-plugin/pull/2 | Fixed in 1.2 (2019-03-06) |