Hi John, Someone else recently reported a problem with a URL that they tracked down to a misconfiguration. Are you having the problem described here? https://github.com/connectifier/jenkins-saml-plugin/issues/4
-Ben On Wed, Feb 18, 2015 at 8:09 AM, John Burrows <[email protected] > wrote: > Hi Ben, > > Thank you for your help, I have been trying to get the SAML plugin working > with our Ping federated server and have been unsuccessful. > > Here is what is happening: > > > Jenkins v 1.597 SAML plugin v 0.3 > > We are using an internal PingFederated server and I have entered the xml > metedata contents into the Security configuration of Jenkins. > > I have tried on two servers, one set up HTTPS (SSL) and one just HTTP. > > We get errors when trying to login using SSO that pertain to the > *https://servername/securityRealm/finishLogin* > <https://servername/securityRealm/finishLogin> redirect and the same for > non-SSL server. > > We are stumped on what to check here, the PingFederated administrator has > it set for the postback to the securityRealm/finishLogin URL, which is what > is in the code for the plugin, we just are not sure how to proceed. > > The contents of the xml metadata: > > <md:EntityDescriptor ID="MNkL_uYrUsdEca2oWqH6gdgG4t3" cacheDuration= > "PT1440M" entityID="ENTITYIDHERE:Saml2:POC" xmlns:md= > "urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor > protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" > WantAuthnRequestsSigned="false"><md:KeyDescriptor use="signing" > ><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:X509Data> > <ds:X509Certificate>CERTIFICATECODE HERE > </ds:X509Certificate></ds:X509Data> > </ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat> > urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified > </md:NameIDFormat><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"; > /></md:IDPSSODescriptor><md:ContactPerson contactType="administrative" > ><md:Company>COMPANYNAME > </md:Company></md:ContactPerson></md:EntityDescriptor> > > Any suggestions or hlep would be greatly appreciated. > > Thanks, > > John > > > On Friday, January 23, 2015 at 11:51:07 AM UTC-5, Ben McCann wrote: > >> Yes, all the contents of the xml file >> >> On Fri, Jan 23, 2015 at 8:29 AM, John Burrows <[email protected] >> > wrote: >> >>> Or is it just all the contents of the xml file? >>> >>> Thanks, >>> John >>> >>> --------------- >>> >>> John Burrows >>> >>> Supervisor Software Engineering, USA >>> >>> SCM: AD Common Services >>> <https://sites.google.com/a/aciworldwide.com/scm/> >>> >>> T + 1 704 423 2531 / M + 1 864 490 1091 >>> >>> *Vacation Alert :* >>> >>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2* >>> >>> >>> ACI Worldwide >>> www.aciworldwide.com >>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw> >>> ----------------------- >>> >>> For *AD Common Services: Infrastructure Services* support contact: >>> Jeni Jones <[email protected]> >>> For *AD Common Services:* *ARLM *support email: >>> [email protected] >>> For *AD Common Services: **SCM *support refer to the Google Site: >>> * SCM Contact/Request Information >>> <https://sites.google.com/a/aciworldwide.com/scm/contact>* >>> For *AD Common Services: **Security* or *AD Tools* support contact: >>> Andie Srivastava <[email protected]> >>> >>> >>> On Fri, Jan 23, 2015 at 11:27 AM, John Burrows < >>> [email protected]> wrote: >>> >>>> Ben, >>>> >>>> Thanks for the quick response, maybe I wasnt clear, but what I am >>>> asking, is what info goes into that field and in what format? >>>> >>>> Can you send me an example? >>>> >>>> Thanks, >>>> John >>>> >>>> --------------- >>>> >>>> John Burrows >>>> >>>> Supervisor Software Engineering, USA >>>> >>>> SCM: AD Common Services >>>> <https://sites.google.com/a/aciworldwide.com/scm/> >>>> >>>> T + 1 704 423 2531 / M + 1 864 490 1091 >>>> >>>> *Vacation Alert :* >>>> >>>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2* >>>> >>>> >>>> ACI Worldwide >>>> www.aciworldwide.com >>>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw> >>>> ----------------------- >>>> >>>> For *AD Common Services: Infrastructure Services* support contact: >>>> Jeni Jones <[email protected]> >>>> For *AD Common Services:* *ARLM *support email: >>>> [email protected] >>>> For *AD Common Services: **SCM *support refer to the Google Site: >>>> * SCM Contact/Request Information >>>> <https://sites.google.com/a/aciworldwide.com/scm/contact>* >>>> For *AD Common Services: **Security* or *AD Tools* support contact: >>>> Andie Srivastava <[email protected]> >>>> >>>> >>>> On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann <[email protected]> >>>> wrote: >>>> >>>>> Hey John, >>>>> >>>>> Ping should be able to give you a metadata file which contains all the >>>>> configuration information you need. We set it up this way, so that you >>>>> only >>>>> have enter a single field instead of a few different fields. >>>>> >>>>> I haven't used Ping specifically before, but found these docs, which >>>>> may help you if this is the right Ping product: >>>>> http://documentation.pingidentity.com/display/PF66/Exporting+Metadata >>>>> >>>>> -Ben >>>>> >>>>> >>>>> On Fri, Jan 23, 2015 at 2:30 AM, John Burrows < >>>>> [email protected]> wrote: >>>>> >>>>>> Ben, >>>>>> >>>>>> I am trying to get the SAML plugin to work, but the configuration in >>>>>> Security is confusing. >>>>>> >>>>>> All I see when clicking SAML in the security configuration is: >>>>>> >>>>>> >>>>>> <https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/AAAAAAAACC8/DTB_uw1_HP0/s1600/SAML.jpg> >>>>>> >>>>>> Any ideas or help on how to properly configure it? >>>>>> >>>>>> We use an internal Ping Federated server for SSO authentication. >>>>>> >>>>>> Thanks >>>>>> >>>>>> John >>>>>> >>>>>> >>>>>> On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote: >>>>>>> >>>>>>> I've created a SAML 2.0 plugin for Jenkins >>>>>>> https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin >>>>>>> >>>>>>> >>>>>>> On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote: >>>>>>>> >>>>>>>> Hey there, >>>>>>>> >>>>>>>> I'm looking for a jenkins plugin to enable sso authetication using >>>>>>>> shibboleth2. >>>>>>>> Is there such a thing? I can only find the CAS Plugin >>>>>>>> <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin> that >>>>>>>> only goes up >>>>>>>> to saml 1.1. >>>>>>>> >>>>>>>> Cheers >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> View this message in context: http://jenkins-ci.361315.n4.na >>>>>>>> bble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html >>>>>>>> Sent from the Jenkins users mailing list archive at Nabble.com. >>>>>>>> >>>>>>> >>>>>> <http://www.aciworldwide.com> >>>>>> >>>>>> This email message and any attachments may contain confidential, >>>>>> proprietary or non-public information. The information is intended solely >>>>>> for the designated recipient(s). If an addressing or transmission error >>>>>> has >>>>>> misdirected this email, please notify the sender immediately and destroy >>>>>> this email. Any review, dissemination, use or reliance upon this >>>>>> information by unintended recipients is prohibited. Any opinions >>>>>> expressed >>>>>> in this email are those of the author personally. >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to a topic in >>>>>> the Google Groups "Jenkins Users" group. >>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. >>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>> [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035- >>>>>> 7172d87ae000%40googlegroups.com >>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> about.me/benmccann >>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "Jenkins Users" group. >>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/jenkinsci-users/CAH3cagNzcaax5BNUpVNnoTOn3FbaP >>>>> URmkyFdw3h9Mqmj5ngiOw%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/jenkinsci-users/CAH3cagNzcaax5BNUpVNnoTOn3FbaPURmkyFdw3h9Mqmj5ngiOw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> >>> >>> <http://www.aciworldwide.com> >>> >>> This email message and any attachments may contain confidential, >>> proprietary or non-public information. The information is intended solely >>> for the designated recipient(s). If an addressing or transmission error has >>> misdirected this email, please notify the sender immediately and destroy >>> this email. Any review, dissemination, use or reliance upon this >>> information by unintended recipients is prohibited. Any opinions expressed >>> in this email are those of the author personally. >>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Jenkins Users" group. >>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/jenkinsci-users/CAJrD%3D%2BZptr49OxCwS%3DsJPnaGobN- >>> F7ffK0%3DTvnO6u-SqukXvyQ%40mail.gmail.com >>> <https://groups.google.com/d/msgid/jenkinsci-users/CAJrD%3D%2BZptr49OxCwS%3DsJPnaGobN-F7ffK0%3DTvnO6u-SqukXvyQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> about.me/benmccann >> > > <http://www.aciworldwide.com> > > This email message and any attachments may contain confidential, > proprietary or non-public information. The information is intended solely > for the designated recipient(s). If an addressing or transmission error has > misdirected this email, please notify the sender immediately and destroy > this email. Any review, dissemination, use or reliance upon this > information by unintended recipients is prohibited. Any opinions expressed > in this email are those of the author personally. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/d93be1b3-49c8-4c4f-a1a2-75305999f904%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/d93be1b3-49c8-4c4f-a1a2-75305999f904%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- about.me/benmccann -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAH3cagOr_7RBJosYtyxVaunHfYsBXNtYCn%3DHa62DWD-Rjb2tUg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
