
There is a lot of help available, but I am not able to fix it. After I enter my user name and password, the Jenkins login with Azure AD is successful and it returns the token as well. After that it fails with "A problem occurred while processing the request". The login is successful when I look at the Azure side, and the Jenkins UI prints the token as well.

When I look at the error logs, I see:

```
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:53.374 EDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=login.microsoftonline.com) was replaced with (type=host_name (0), value=login.microsoftonline.com)
2021-07-15 23:36:55.398+0000 [id=326]   INFO    c.m.a.a.AuthenticationAuthority#doInstanceDiscovery: [Correlation ID: e11160be-50c3-43d7-96a8-dc02c3cc2b2c] Instance discovery was successful
javax.net.ssl|ERROR|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.769 EDT|TransportContext.java:344|Fatal **** (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"throwable" : {
```

Also

```
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.773 EDT|SSLSocketImpl.java:1569|close the underlying socket
javax.net.ssl|DEBUG|13|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-19|2021-07-15 19:36:55.773 EDT|SSLSocketImpl.java:1588|close the SSL connection (initiative)
2021-07-15 23:36:55.787+0000 [id=19]    SEVERE  c.m.j.azuread.AzureSecurityRealm#doFinishLogin: error
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

I have imported certs for login.microsoftonline.com and portal.azure.com, and my jenkins.xml has:

```
-Djavax.net.ssl.trustStore="C:\Program Files (x86)\Jenkins\.cacerts\jssecacerts"  -Djavax.net.ssl.trustStorePassword=changeit
```

I am not sure which website it means when it says "unable to find valid certification path to requested target".

1 Answer


As posted in another entry on Stack Overflow, I'd try to debug what is happening with your trustStore with something like:

```
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore="C:\Program Files (x86)\Jenkins\.cacerts\jssecacerts" -Djavax.net.ssl.trustStorePassword=changeit
```

You may want to have a look at this post

Colin Moreno Burgess
  • Thanks a lot. I saw a lot of debug output with this. I see this: ``` javax.net.ssl|DEBUG|02 76|Handling POST /securityRealm/finishLogin from x.x.x.x : Jetty (winstone)-630|2021-07-19 13:36:35.524 EDT|SSLSocketOutputRecord.java:73|WRITE: TLS12 alert(certificate_unknown), length = 2. ``` Does this mean Azure is not able to POST to my on-prem Jenkins due to certs? My on-prem Jenkins has DigiCert certs. – Naveen Chandra Sekhara Jul 21 '21 at 14:42
  • **Can someone confirm: if Jenkins is on-prem, does the Azure AD plugin work?** – Naveen Chandra Sekhara Jul 29 '21 at 22:01
  • Everyone's case is different. I had to import the Symantec certs our company uses; Java was not trusting them. Now it's working. Moral: this is a good link that everyone knows already: stackoverflow.com/questions/24563694/… Also enable SSL login with -Djavax.net.debug=all in jenkins.xml for further debugging. – Naveen Chandra Sekhara Aug 02 '21 at 21:57
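
An added example, not part of the original question, answer or comments: the question asks which host the "unable to find valid certification path" error refers to. This Python sketch pairs each PKIX failure in `javax.net.debug` output with the last SNI host name logged on the same thread. That pairing is a heuristic, and the sample log lines, including the `example.test` hosts, are constructed.

```python
import re

# Constructed sample in the pipe-delimited javax.net.debug format shown above;
# the example.test hosts are placeholders, not values from the original logs.
SAMPLE_LOG = """\
javax.net.ssl|DEBUG|13|Jetty (winstone)-19|2021-07-15 19:36:53.374 EDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=login.microsoftonline.com) was replaced with (type=host_name (0), value=login.microsoftonline.com)
2021-07-15 23:36:55.398+0000 [id=326]   INFO    c.m.a.a.AuthenticationAuthority#doInstanceDiscovery: Instance discovery was successful
javax.net.ssl|DEBUG|13|Jetty (winstone)-19|2021-07-15 19:36:55.601 EDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=idp.example.test) was replaced with (type=host_name (0), value=idp.example.test)
javax.net.ssl|DEBUG|2A|Jetty (winstone)-42|2021-07-15 19:36:55.700 EDT|Utilities.java:73|the previous server name in SNI (type=host_name (0), value=updates.example.test) was replaced with (type=host_name (0), value=updates.example.test)
javax.net.ssl|ERROR|13|Jetty (winstone)-19|2021-07-15 19:36:55.769 EDT|TransportContext.java:344|Fatal (CERTIFICATE_UNKNOWN): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (
"""

# The trailing value= on an SNI line is the host name the new handshake uses.
SNI_VALUE = re.compile(r"value=([^)\s]+)\)\s*$")
TRUST_FAILURE = ("PKIX path building failed", "unable to find valid certification path")
NO_SNI = "<no SNI seen on this thread>"


def parse_line(line):
    """Return (level, thread_id, timestamp, message), or None for non-JSSE lines."""
    parts = line.rstrip("\n").split("|", 6)
    if len(parts) != 7 or parts[0] != "javax.net.ssl":
        return None
    _, level, tid, _thread, ts, _src, msg = parts
    return level, tid, ts, msg


def untrusted_hosts(log_text):
    """Pair each trust failure with the last SNI host set on the same thread."""
    last_sni = {}   # thread id -> most recent SNI host name
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # Jenkins' own log lines are interleaved with JSSE debug output
        level, tid, ts, msg = rec
        if "server name in SNI" in msg:
            match = SNI_VALUE.search(msg)
            if match:
                last_sni[tid] = match.group(1)
        elif level == "ERROR" and any(s in msg for s in TRUST_FAILURE):
            findings.append((ts, tid, last_sni.get(tid, NO_SNI)))
    return findings


if __name__ == "__main__":
    for ts, tid, host in untrusted_hosts(SAMPLE_LOG):
        print(f"{ts} thread {tid}: no trusted path for {host}")
```

The host it reports is the connection whose certificate chain the trust store named by `-Djavax.net.ssl.trustStore` could not validate, which is where to look for a missing issuing CA.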