Hi, I just got plugin working with pingfederate I will write up guide and post it here ;)
Michal On Wednesday, February 18, 2015 at 4:09:23 PM UTC, John Burrows wrote: > > Hi Ben, > > Thank you for your help, I have been trying to get the SAML plugin working > with our Ping federated server and have been unsuccessful. > > Here is what is happening: > > > Jenkins v 1.597 SAML plugin v 0.3 > > We are using an internal PingFederated server and I have entered the xml > metedata contents into the Security configuration of Jenkins. > > I have tried on two servers, one set up HTTPS (SSL) and one just HTTP. > > We get errors when trying to login using SSO that pertain to the > *https://servername/securityRealm/finishLogin* > <https://servername/securityRealm/finishLogin> redirect and the same for > non-SSL server. > > We are stumped on what to check here, the PingFederated administrator has > it set for the postback to the securityRealm/finishLogin URL, which is what > is in the code for the plugin, we just are not sure how to proceed. > > The contents of the xml metadata: > > <md:EntityDescriptor ID="MNkL_uYrUsdEca2oWqH6gdgG4t3" cacheDuration= > "PT1440M" entityID="ENTITYIDHERE:Saml2:POC" xmlns:md= > "urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor > protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" > WantAuthnRequestsSigned="false"><md:KeyDescriptor use="signing" > ><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:X509Data> > <ds:X509Certificate>CERTIFICATECODE HERE > </ds:X509Certificate></ds:X509Data> > </ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat> > urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified > </md:NameIDFormat><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= > "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=" > https://SSOSERVERNAME/idp/SSO.saml2"; > /></md:IDPSSODescriptor><md:ContactPerson contactType="administrative" > ><md:Company>COMPANYNAME > </md:Company></md:ContactPerson></md:EntityDescriptor> > > Any suggestions or hlep would be greatly appreciated. > > Thanks, > > John > > > On Friday, January 23, 2015 at 11:51:07 AM UTC-5, Ben McCann wrote: > > Yes, all the contents of the xml file > > On Fri, Jan 23, 2015 at 8:29 AM, John Burrows <[email protected]> > wrote: > > Or is it just all the contents of the xml file? > > Thanks, > John > > --------------- > > John Burrows > > Supervisor Software Engineering, USA > > SCM: AD Common Services <https://sites.google.com/a/aciworldwide.com/scm/> > > T + 1 704 423 2531 / M + 1 864 490 1091 > > *Vacation Alert :* > > *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2* > > > ACI Worldwide > www.aciworldwide.com > <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw> > ----------------------- > > For *AD Common Services: Infrastructure Services* support contact: > Jeni Jones <[email protected]> > For *AD Common Services:* *ARLM *support email: > [email protected] > For *AD Common Services: **SCM *support refer to the Google Site: > * SCM Contact/Request Information > <https://sites.google.com/a/aciworldwide.com/scm/contact>* > For *AD Common Services: **Security* or *AD Tools* support contact: > Andie Srivastava <[email protected]> > > > On Fri, Jan 23, 2015 at 11:27 AM, John Burrows <[email protected] > > wrote: > > Ben, > > Thanks for the quick response, maybe I wasnt clear, but what I am asking, > is what info goes into that field and in what format? > > Can you send me an example? > > Thanks, > John > > --------------- > > John Burrows > > Supervisor Software Engineering, USA > > SCM: AD Common Services <https://sites.google.com/a/aciworldwide.com/scm/> > > T + 1 704 423 2531 / M + 1 864 490 1091 > > *Vacation Alert :* > > *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2* > > > ACI Worldwide > www.aciworldwide.com > <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw> > ----------------------- > > For *AD Common Services: Infrastructure Services* support contact: > Jeni Jones <[email protected]> > For *AD Common Services:* *ARLM *support email: > [email protected] > For *AD Common Services: **SCM *support refer to the Google Site: > * SCM Contact/Request Information > <https://sites.google.com/a/aciworldwide.com/scm/contact>* > For *AD Common Services: **Security* or *AD Tools* support contact: > Andie Srivastava <[email protected]> > > > On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann <[email protected]> wrote: > > Hey John, > > Ping should be able to give you a metadata file which contains all the > configuration information you need. We set it up this way, so that you only > have enter a single field instead of a few different fields. > > I haven't used Ping specifically before, but found these docs, which may > help you if this is the right Ping product: > http://documentation.pingidentity.com/display/PF66/Exporting+Metadata > > -Ben > > > On Fri, Jan 23, 2015 at 2:30 AM, John Burrows <[email protected]> > wrote: > > Ben, > > I am trying to get the SAML plugin to work, but the configuration in > Security is confusing. > > All I see when clicking SAML in the security configuration is: > > > <https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/AAAAAAAACC8/DTB_uw1_HP0/s1600/SAML.jpg> > > Any ideas or help on how to properly configure it? > > We use an internal Ping Federated server for SSO authentication. > > Thanks > > John > > > On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote: > > I've created a SAML 2.0 plugin for Jenkins > https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin > > > On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote: > > Hey there, > > I'm looking for a jenkins plugin to enable sso authetication using > shibboleth2. > Is there such a thing? I can only find the CAS Plugin > <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin> that only goes > up > to saml 1.1. > > Cheers > > > > -- > View this message in context: http://jenkins-ci.361315.n4. > nabble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html > Sent from the Jenkins users mailing list archive at Nabble.com. > > > <http://www.aciworldwide.com> > > This email message and any attachments may contain confidential, > proprietary or non-public information. The information is intended solely > for the designated recipient(s). If an addressing or transmission error has > misdirected this email, please notify the sender immediately and destroy > this email. Any review, dissemination, use or reliance upon this > information by unintended recipients is prohibited. Any opinions expressed > in this email are those of the author personally. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com > > <https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > > > > > -- > about.me/benmccann > > ... -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/c4b3d52e-84ee-4a2c-bfc8-7ba1abd1a152%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
