Article ID:4403678455451
1 minute readKnowledge base

The saml plugin is impacted by a thread leak for versions 2.0.2 and 2.0.3. This issue might end up with:

  1. A java.lang.OutOfMemoryError: unable to create new native thread. This specifically has a very high impact in OpenShift platforms as OpenShift enforces a default container PID limit of 1024.

  2. Performance issues in the Controller while accessing to the GUI for example.

To confirm you are impacted by this issue, take a thread dump through $JENKINS_URL/threadDump, or How to generate a thread dump?. Where we will see dozens, or hundreds of threads like the one below. A new thread is created after each login.

"Timer for org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver@f6fe197" id=384439 (0x5ddb7) state=TIMED_WAITING cpu=0%
    - waiting on <0x52d088af> (a java.util.TaskQueue)
    - locked <0x52d088af> (a java.util.TaskQueue)
    at java.lang.Object.wait(Native Method)
    at java.util.TimerThread.mainLoop(


The issue was tracked as JENKINS-65513.

The solution for this issue is to upgrade the saml plugin to a version equal, or higher than 2.0.5.