Discrepancies in Project-based Matrix Authorization Strategy display if oic-auth-plugin is set

[Lundkvist-prog]

Jenkins and plugins versions report

Jenkins version : 2.479.2
oic-auth-plugin version: 4.438.v6e62f6782770
matrix-auth version: 3.2.3

What Operating System are you using (both controller, and any agents involved in the problem)?

RHEL8

Reproduction steps

1. Set and configure oic-auth-plugin as security realm.
2. Set Project-based Matrix Authorization Strategy for authorization.
3. Click on "Add user..." button in the Project-based Matrix Authorization Strategy panel.
4. Enter 'User ID' of an existing user in the Jenkins database.
5. Click OK.
6. Click on "Add user..." button in the Project-based Matrix Authorization Strategy panel.
7. Enter 'User ID' of a non-existing user in the Jenkins database.
8. Click OK.

Expected Results

1. If a user, that does not exist in the Jenkins database, is added into the matrix, its row in the 'User/group' column will be displayed in red and with strikethrough e.g. "nonExistingUser" in the screenshot below.
2. If a user, that exists in the Jenkins database, is added into the matrix, its row in the 'User/group' column will be displayed default, in black e.g. "ExistingUser" in the screenshot below.
3. If an user is added into the matrix, its row in the 'User/group' column will also display a dedicated icon.
4. If a user is added into the matrix, its row in the 'User/group' column will display the user's 'Name'.

Actual Results

1. If a user, that does not exist in Jenkins database, is added into the matrix, its row in the 'User/group' column will be displayed in grey and without strikethrough e.g. "nonExistingUser" in the screenshot below.
2. If a user, that exists in the Jenkins database, is added into the matrix, its row in the 'User/group' column will be displayed in grey e.g. "ExistingUser" in the screenshot below.
3. If an user is added into the matrix, its row in the 'User/group' column will not display any icons.
4. If a user is added into the matrix, its row in the 'User/group' column will display the user's 'User ID', instead of 'Name'.

Anything else?

I was no sure whether to make this a feature request or a bug. I've ultimately landed in a bug, because the change of behaviour regarding the matrix only occurs when using oic-auth-plugin as security realm. The reproduction steps shows an example with adding a user i.e. using "Add user..." button but the same behavior can be reproduced with adding a group i.e. using "Add group...".

Are you interested in contributing a fix?

No response

[eva-mueller-coremedia]

I can reproduce this on a Jenkins 2.462.1 server which does not have the oic-auth-plugin installed => This is not oic-auth-plugin related.

This seem to be a bug(?) in the https://plugins.jenkins.io/matrix-auth/ plugin (I use version 3.2.3) - Maybe related to jenkinsci/matrix-auth-plugin#147?

There, they switched the usage from return FormValidation.okWithMarkup to FormValidation.respond which seem to behave differently: https://github.com/jenkinsci/jenkins/blob/master/core/src/main/java/hudson/util/FormValidation.java#L267

I suggest to report the bug there...

[jtnord]

I am not sure this is even a bug.

A security realm in Jenkins has a "lookup user" method that can be called
The return from this has 3 options
1, a user object for the user id it is known to exist in the realm
2. A NoSuchUser exception if the user is known to not exist
3. A UserMayorMayNotExist exception

As we can not lookup users we will always do 3.

As the matrix plugin doesn't know either way it about the user it does what it does.