connecting to Jenkins with own openid provider (simpleid)

Question

Does anybody know how to connect to Jenkins with own openid provider?

We have an openid provider on our website - simpleid (http://simpleid.koinic.net/) I try to connect with it to Jenkins. I've checked that I can connect to Jenkins with google account, myopenid, .... But when I try to add my openidprovider URL to OpenID SSO and save these changes on MYJENKINS/configure, I get a Java exception:

Exception: java.lang.RuntimeException: Failed to instantiate class hudson.plugins.openid.OpenIdSsoSecurityRealm from {"endpoint":"MY_OPENID_URL","stapler-class":"hudson.plugins.openid.OpenIdSsoSecurityRealm","value":"4

When I try to enter any other website (every site I know) I can save it.

What's wrong with our openid server configuration?

Thanks!

Answer 1

We've encountered the same issue. Here's what we found:

If you'd examine the exception closely you'll notice that the root cause for raising the exception is described in the stack trace

Caused by: org.openid4java.discovery.DiscoveryException: 0x70d: Error parsing XML document
.
.
.   
Caused by: org.xml.sax.SAXParseException; lineNumber: 4; columnNumber: 15; cvc-complex-type.2.4.a: Invalid content was found starting with element 'Type'. One of '{"xri://$xrd*($v*2.0)":Query, "xri://$xrd*($v*2.0)":Status, "xri://$xrd*($v*2.0)":ServerStatus, "xri://$xrd*($v*2.0)":Expires, "xri://$xrd*($v*2.0)":ProviderID, "xri://$xrd*($v*2.0)":Redirect, "xri://$xrd*($v*2.0)":Ref, "xri://$xrd*($v*2.0)":LocalID, "xri://$xrd*($v*2.0)":EquivID, "xri://$xrd*($v*2.0)":CanonicalID, "xri://$xrd*($v*2.0)":CanonicalEquivID, "xri://$xrd*($v*2.0)":Service, WC[##other:"xri://$xrd*($v*2.0)"], WC[""]}' is expected. at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException

Seems like simple id uses XRDS simple, a format that has been canceled in late 2008. I'm not sure if it's still a valid OpenID 2.0 response, but I know that Jenkins cannot parse it.

If you will manually edit the XRDS document (just remove <Type>xri://$xrds*simple</Type> from the document) and point Jenkins to the location of the file you've edited (and made available on an http server), you will be able to save the configuration with no error.

But, unfortunately this will still fail to work. When trying to login the following error will be displayed:

javax.servlet.ServletException: org.openid4java.consumer.ConsumerException: 0xa00: Authentication cannot continue: no discovery information provided.

Seems like SimpleID supports a per-user endpoint but does not provide a single endpoint for multiple users - which is what Jeknins needs in SSO mode.

Bottom line - you'll have to use another OpenID provider than SimpleID