Hi Ben
I am also having the same issue trying to configure the SAML plugin for use
with Okta for Jenkins.
I have the xml data in the plugin configuration and I have the URL set
under Jenkins / Configure System but when we try to login via okta we get
the message displayed:
"
HTTP ERROR 404
Problem accessing /jenkins/securityRealm/finishLogin. Reason:
Not Found
"
And in /var/log/jenkins/jenkins.log I see the message:
"May 05, 2015 5:30:04 PM org.pac4j.saml.sso.Saml2WebSSOProfileHandler
sendMessage
WARNING: IdP wants authn requests signed, it will perhaps reject your authn
requests unless you provide a keystore
"
I'm not sure what else to try and the Okta support we have is also unsure
as to why Jenkins is giving us this message.
Can you help with this?
thanks
Gregor
On Wednesday, February 18, 2015 at 2:38:19 PM UTC-8, Ben McCann wrote:
>
> Hi John,
>
> Someone else recently reported a problem with a URL that they tracked down
> to a misconfiguration. Are you having the problem described here?
> https://github.com/connectifier/jenkins-saml-plugin/issues/4
>
> -Ben
>
>
>
> On Wed, Feb 18, 2015 at 8:09 AM, John Burrows <[email protected]
> <javascript:>> wrote:
>
>> Hi Ben,
>>
>> Thank you for your help, I have been trying to get the SAML plugin
>> working with our Ping federated server and have been unsuccessful.
>>
>> Here is what is happening:
>>
>>
>> Jenkins v 1.597 SAML plugin v 0.3
>>
>> We are using an internal PingFederated server and I have entered the xml
>> metedata contents into the Security configuration of Jenkins.
>>
>> I have tried on two servers, one set up HTTPS (SSL) and one just HTTP.
>>
>> We get errors when trying to login using SSO that pertain to the
>> *https://servername/securityRealm/finishLogin*
>> <https://servername/securityRealm/finishLogin> redirect and the same for
>> non-SSL server.
>>
>> We are stumped on what to check here, the PingFederated administrator has
>> it set for the postback to the securityRealm/finishLogin URL, which is what
>> is in the code for the plugin, we just are not sure how to proceed.
>>
>> The contents of the xml metadata:
>>
>> <md:EntityDescriptor ID="MNkL_uYrUsdEca2oWqH6gdgG4t3" cacheDuration=
>> "PT1440M" entityID="ENTITYIDHERE:Saml2:POC" xmlns:md=
>> "urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor
>> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
>> WantAuthnRequestsSigned="false"><md:KeyDescriptor use="signing"
>> ><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:X509Data>
>> <ds:X509Certificate>CERTIFICATECODE HERE
>> </ds:X509Certificate></ds:X509Data>
>> </ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>
>> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
>> </md:NameIDFormat><md:SingleSignOnService Binding=
>> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="
>> https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding=
>> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="
>> https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding=
>> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="
>> https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding=
>> "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="
>> https://SSOSERVERNAME/idp/SSO.saml2";
>> /></md:IDPSSODescriptor><md:ContactPerson contactType="administrative"
>> ><md:Company>COMPANYNAME
>> </md:Company></md:ContactPerson></md:EntityDescriptor>
>>
>> Any suggestions or hlep would be greatly appreciated.
>>
>> Thanks,
>>
>> John
>>
>>
>> On Friday, January 23, 2015 at 11:51:07 AM UTC-5, Ben McCann wrote:
>>
>>> Yes, all the contents of the xml file
>>>
>>> On Fri, Jan 23, 2015 at 8:29 AM, John Burrows <
>>> [email protected]> wrote:
>>>
>>>> Or is it just all the contents of the xml file?
>>>>
>>>> Thanks,
>>>> John
>>>>
>>>> ---------------
>>>>
>>>> John Burrows
>>>>
>>>> Supervisor Software Engineering, USA
>>>>
>>>> SCM: AD Common Services
>>>> <https://sites.google.com/a/aciworldwide.com/scm/>
>>>>
>>>> T + 1 704 423 2531 / M + 1 864 490 1091
>>>>
>>>> *Vacation Alert :*
>>>>
>>>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*
>>>>
>>>>
>>>> ACI Worldwide
>>>> www.aciworldwide.com
>>>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
>>>> -----------------------
>>>>
>>>> For *AD Common Services: Infrastructure Services* support contact:
>>>> Jeni Jones <[email protected]>
>>>> For *AD Common Services:* *ARLM *support email:
>>>> [email protected]
>>>> For *AD Common Services: **SCM *support refer to the Google Site:
>>>> * SCM Contact/Request Information
>>>> <https://sites.google.com/a/aciworldwide.com/scm/contact>*
>>>> For *AD Common Services: **Security* or *AD Tools* support contact:
>>>> Andie Srivastava <[email protected]>
>>>>
>>>>
>>>> On Fri, Jan 23, 2015 at 11:27 AM, John Burrows <
>>>> [email protected]> wrote:
>>>>
>>>>> Ben,
>>>>>
>>>>> Thanks for the quick response, maybe I wasnt clear, but what I am
>>>>> asking, is what info goes into that field and in what format?
>>>>>
>>>>> Can you send me an example?
>>>>>
>>>>> Thanks,
>>>>> John
>>>>>
>>>>> ---------------
>>>>>
>>>>> John Burrows
>>>>>
>>>>> Supervisor Software Engineering, USA
>>>>>
>>>>> SCM: AD Common Services
>>>>> <https://sites.google.com/a/aciworldwide.com/scm/>
>>>>>
>>>>> T + 1 704 423 2531 / M + 1 864 490 1091
>>>>>
>>>>> *Vacation Alert :*
>>>>>
>>>>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*
>>>>>
>>>>>
>>>>> ACI Worldwide
>>>>> www.aciworldwide.com
>>>>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
>>>>> -----------------------
>>>>>
>>>>> For *AD Common Services: Infrastructure Services* support contact:
>>>>> Jeni Jones <[email protected]>
>>>>> For *AD Common Services:* *ARLM *support email:
>>>>> [email protected]
>>>>> For *AD Common Services: **SCM *support refer to the Google Site:
>>>>> * SCM Contact/Request Information
>>>>> <https://sites.google.com/a/aciworldwide.com/scm/contact>*
>>>>> For *AD Common Services: **Security* or *AD Tools* support contact:
>>>>> Andie Srivastava <[email protected]>
>>>>>
>>>>>
>>>>> On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hey John,
>>>>>>
>>>>>> Ping should be able to give you a metadata file which contains all
>>>>>> the configuration information you need. We set it up this way, so that
>>>>>> you
>>>>>> only have enter a single field instead of a few different fields.
>>>>>>
>>>>>> I haven't used Ping specifically before, but found these docs, which
>>>>>> may help you if this is the right Ping product:
>>>>>> http://documentation.pingidentity.com/display/PF66/Exporting+Metadata
>>>>>>
>>>>>> -Ben
>>>>>>
>>>>>>
>>>>>> On Fri, Jan 23, 2015 at 2:30 AM, John Burrows <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Ben,
>>>>>>>
>>>>>>> I am trying to get the SAML plugin to work, but the configuration in
>>>>>>> Security is confusing.
>>>>>>>
>>>>>>> All I see when clicking SAML in the security configuration is:
>>>>>>>
>>>>>>>
>>>>>>> <https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/AAAAAAAACC8/DTB_uw1_HP0/s1600/SAML.jpg>
>>>>>>>
>>>>>>> Any ideas or help on how to properly configure it?
>>>>>>>
>>>>>>> We use an internal Ping Federated server for SSO authentication.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> John
>>>>>>>
>>>>>>>
>>>>>>> On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote:
>>>>>>>>
>>>>>>>> I've created a SAML 2.0 plugin for Jenkins
>>>>>>>> https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote:
>>>>>>>>>
>>>>>>>>> Hey there,
>>>>>>>>>
>>>>>>>>> I'm looking for a jenkins plugin to enable sso authetication using
>>>>>>>>> shibboleth2.
>>>>>>>>> Is there such a thing? I can only find the CAS Plugin
>>>>>>>>> <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin> that
>>>>>>>>> only goes up
>>>>>>>>> to saml 1.1.
>>>>>>>>>
>>>>>>>>> Cheers
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> View this message in context: http://jenkins-ci.361315.n4.na
>>>>>>>>> bble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html
>>>>>>>>> Sent from the Jenkins users mailing list archive at Nabble.com.
>>>>>>>>>
>>>>>>>>
>>>>>>> <http://www.aciworldwide.com>
>>>>>>>
>>>>>>> This email message and any attachments may contain confidential,
>>>>>>> proprietary or non-public information. The information is intended
>>>>>>> solely
>>>>>>> for the designated recipient(s). If an addressing or transmission error
>>>>>>> has
>>>>>>> misdirected this email, please notify the sender immediately and
>>>>>>> destroy
>>>>>>> this email. Any review, dissemination, use or reliance upon this
>>>>>>> information by unintended recipients is prohibited. Any opinions
>>>>>>> expressed
>>>>>>> in this email are those of the author personally.
>>>>>>>
>>>>>>> --
>>>>>>> You received this message because you are subscribed to a topic in
>>>>>>> the Google Groups "Jenkins Users" group.
>>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/
>>>>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe.
>>>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>>>> [email protected].
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/d/msgid/jenkinsci-users/
>>>>>>> 5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com
>>>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> about.me/benmccann
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to a topic in
>>>>>> the Google Groups "Jenkins Users" group.
>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/
>>>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe.
>>>>>> To unsubscribe from this group and all its topics, send an email to
>>>>>> [email protected].
>>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>>> msgid/jenkinsci-users/CAH3cagNzcaax5BNUpVNnoTOn3FbaP
>>>>>> URmkyFdw3h9Mqmj5ngiOw%40mail.gmail.com
>>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/CAH3cagNzcaax5BNUpVNnoTOn3FbaPURmkyFdw3h9Mqmj5ngiOw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>
>>>>>
>>>>>
>>>>
>>>> <http://www.aciworldwide.com>
>>>>
>>>> This email message and any attachments may contain confidential,
>>>> proprietary or non-public information. The information is intended solely
>>>> for the designated recipient(s). If an addressing or transmission error
>>>> has
>>>> misdirected this email, please notify the sender immediately and destroy
>>>> this email. Any review, dissemination, use or reliance upon this
>>>> information by unintended recipients is prohibited. Any opinions expressed
>>>> in this email are those of the author personally.
>>>>
>>>> --
>>>> You received this message because you are subscribed to a topic in the
>>>> Google Groups "Jenkins Users" group.
>>>> To unsubscribe from this topic, visit https://groups.google.com/d/
>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe.
>>>> To unsubscribe from this group and all its topics, send an email to
>>>> [email protected].
>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>> msgid/jenkinsci-users/CAJrD%3D%2BZptr49OxCwS%3DsJPnaGobN-
>>>> F7ffK0%3DTvnO6u-SqukXvyQ%40mail.gmail.com
>>>> <https://groups.google.com/d/msgid/jenkinsci-users/CAJrD%3D%2BZptr49OxCwS%3DsJPnaGobN-F7ffK0%3DTvnO6u-SqukXvyQ%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>>
>>>
>>> --
>>> about.me/benmccann
>>>
>>
>> <http://www.aciworldwide.com>
>>
>> This email message and any attachments may contain confidential,
>> proprietary or non-public information. The information is intended solely
>> for the designated recipient(s). If an addressing or transmission error has
>> misdirected this email, please notify the sender immediately and destroy
>> this email. Any review, dissemination, use or reliance upon this
>> information by unintended recipients is prohibited. Any opinions expressed
>> in this email are those of the author personally.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Jenkins Users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/d93be1b3-49c8-4c4f-a1a2-75305999f904%40googlegroups.com
>>
>> <https://groups.google.com/d/msgid/jenkinsci-users/d93be1b3-49c8-4c4f-a1a2-75305999f904%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> about.me/benmccann
>
--
You received this message because you are subscribed to the Google Groups
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-users/500be749-b293-4ae6-93d4-42a5a1471948%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
