I have deployed OCP 4.3 on AWS. I replaced the certs for the router with wildcards from letsencrypt. TLS from my browser and from apps in openshift to the router are all working fine. I deployed Jenkins using oc- new-app jenkins-persistent. When I try to login I'm presented with the "Login With OpenShift" screen, I login and authorize Jenkins to access OpenShift on behalf of me but then I'm stuck in a loop of the "Login With OpenShift" screen. Looking in the logs I see:
2020-02-04 18:48:29.870+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth: provider: OpenShiftProviderInfo: issuer: https://oauth-openshift.apps.devopsdev.tremolo.dev auth ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/authorize token ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/token 2020-02-04 18:48:29.873+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#useProviderOAuthEndpoint: OpenShift OAuth server is 4.x, specifically OpenShiftVersionInfo: major: 1 minor: 16+ gitVersion: v1.16.2 2020-02-04 18:48:29.873+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#initializeHttpsProxyAuthenticator: Checking if HTTPS proxy initialization is required ... 2020-02-04 18:48:29.887+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth got an SSL error when accessing the issuer's token endpoint when using the SA certificate 2020-02-04 18:48:29.893+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth was able to complete the SSL handshake when accessing the issuer's token endpoint using the JVMs default keystore 2020-02-04 18:48:29.894+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth returning true with namespace jenkins SA dir null default /run/secrets/ kubernetes.io/serviceaccount SA name null default jenkins client ID null default system:serviceaccount:jenkins:jenkins secret null default eyJhb....... redirect null default https://oauth-openshift.apps.devopsdev.tremolo.dev server null default https://kubernetes.default:443 2020-02-04 18:48:29.915+0000 [id=18] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#getRoleToPermissionMap: OpenShift Jenkins Login Plugin could not find the openshift-jenkins-login-plugin-config config map in namespace jenkins so the default permission mapping will be used 2020-02-04 18:48:30.051+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth: provider: OpenShiftProviderInfo: issuer: https://oauth-openshift.apps.devopsdev.tremolo.dev auth ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/authorize token ep: https://oauth-openshift.apps.devopsdev.tremolo.dev/oauth/token 2020-02-04 18:48:30.064+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#useProviderOAuthEndpoint: OpenShift OAuth server is 4.x, specifically OpenShiftVersionInfo: major: 1 minor: 16+ gitVersion: v1.16.2 2020-02-04 18:48:30.064+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#initializeHttpsProxyAuthenticator: Checking if HTTPS proxy initialization is required ... 2020-02-04 18:48:30.075+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth got an SSL error when accessing the issuer's token endpoint when using the SA certificate 2020-02-04 18:48:30.079+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth was able to complete the SSL handshake when accessing the issuer's token endpoint using the JVMs default keystore 2020-02-04 18:48:30.079+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#populateDefaults: OpenShift OAuth returning true with namespace jenkins SA dir null default /run/secrets/ kubernetes.io/serviceaccount SA name null default jenkins client ID null default system:serviceaccount:jenkins:jenkins secret null default eyJhb....... redirect null default https://oauth-openshift.apps.devopsdev.tremolo.dev server null default https://kubernetes.default:443 2020-02-04 18:48:30.084+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#useProviderOAuthEndpoint: OpenShift OAuth server is 4.x, specifically OpenShiftVersionInfo: major: 1 minor: 16+ gitVersion: v1.16.2 2020-02-04 18:48:30.084+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#newOAuthSession: OpenShift OAuth using OAuth Provider specified endpoints for this login flow 2020-02-04 18:48:30.084+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#initializeHttpsProxyAuthenticator: Checking if HTTPS proxy initialization is required ... 2020-02-04 18:48:30.095+0000 [id=16] INFO o.o.j.p.o.OpenShiftOAuth2SecurityRealm#transportToUse: OpenShift OAuth got an SSL error when accessing the issuer's token endpoint when using the SA certificate Any thoughts? Thanks Marc
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
