Michal,

We were able to get it working with help from Ping Federate tech support; it had to do with settings on the Ping Federated server administration panel. There were some settings in the configuration that were not correct, so even though the generated metadata was correct, the settings on the Ping Federated server were incorrect.

Thanks,
John

---------------
John Burrows
Manager Software Engineering, USA
SCM: AD Common Services
T + 1 704 423 2531 / M + 1 864 490 1091
ACI Worldwide
www.aciworldwide.com

From: [email protected] [mailto:[email protected]] On Behalf Of Michal Gubik
Sent: Tuesday, September 15, 2015 7:57 AM
To: Jenkins Users <[email protected]>
Cc: [email protected]
Subject: Re: Jenkins with Saml 2.0 SSO Authentication

Hi,

I just got the plugin working with PingFederate. I will write up a guide and post it here ;)

Michal

On Wednesday, February 18, 2015 at 4:09:23 PM UTC, John Burrows wrote:

Hi Ben,

Thank you for your help. I have been trying to get the SAML plugin working with our Ping federated server and have been unsuccessful. Here is what is happening:

Jenkins v 1.597
SAML plugin v 0.3

We are using an internal PingFederated server and I have entered the XML metadata contents into the Security configuration of Jenkins. I have tried on two servers, one set up with HTTPS (SSL) and one with just HTTP. We get errors when trying to log in using SSO that pertain to the https://servername/securityRealm/finishLogin redirect, and the same for the non-SSL server. We are stumped on what to check here; the PingFederated administrator has it set for the postback to the securityRealm/finishLogin URL, which is what is in the code for the plugin. We just are not sure how to proceed.
The contents of the xml metadata:

<md:EntityDescriptor ID="MNkL_uYrUsdEca2oWqH6gdgG4t3" cacheDuration="PT1440M" entityID="ENTITYIDHERE:Saml2:POC" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAuthnRequestsSigned="false">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>CERTIFICATECODE HERE</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://SSOSERVERNAME/idp/SSO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://SSOSERVERNAME/idp/SSO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://SSOSERVERNAME/idp/SSO.saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://SSOSERVERNAME/idp/SSO.saml2"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="administrative">
    <md:Company>COMPANYNAME</md:Company>
  </md:ContactPerson>
</md:EntityDescriptor>

Any suggestions or help would be greatly appreciated.

Thanks,
John

On Friday, January 23, 2015 at 11:51:07 AM UTC-5, Ben McCann wrote:

Yes, all the contents of the xml file

On Fri, Jan 23, 2015 at 8:29 AM, John Burrows <[email protected]> wrote:

Or is it just all the contents of the xml file?
Thanks,
John

On Fri, Jan 23, 2015 at 11:27 AM, John Burrows <[email protected]> wrote:

Ben,

Thanks for the quick response. Maybe I wasn't clear, but what I am asking is what info goes into that field and in what format? Can you send me an example?
Thanks,
John

On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann <[email protected]> wrote:

Hey John,

Ping should be able to give you a metadata file which contains all the configuration information you need. We set it up this way so that you only have to enter a single field instead of a few different fields. I haven't used Ping specifically before, but found these docs, which may help you if this is the right Ping product: http://documentation.pingidentity.com/display/PF66/Exporting+Metadata

-Ben

On Fri, Jan 23, 2015 at 2:30 AM, John Burrows <[email protected]> wrote:

Ben,

I am trying to get the SAML plugin to work, but the configuration in Security is confusing.
All I see when clicking SAML in the security configuration is:

<https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/AAAAAAAACC8/DTB_uw1_HP0/s1600/SAML.jpg>

Any ideas or help on how to properly configure it? We use an internal Ping Federated server for SSO authentication.

Thanks
John

On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote:

I've created a SAML 2.0 plugin for Jenkins
https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin

On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote:

Hey there,

I'm looking for a Jenkins plugin to enable SSO authentication using shibboleth2. Is there such a thing? I can only find the CAS Plugin <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin> that only goes up to SAML 1.1.

Cheers

--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html
Sent from the Jenkins users mailing list archive at Nabble.com.
--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/DM2PR0801MB585273C499CFCBF27967396F25C0%40DM2PR0801MB585.namprd08.prod.outlook.com.
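An added example, not part of the thread or of the SAML plugin: a pre-flight check of IdP metadata before it is pasted into the Jenkins security configuration, plus a comparison of the postback URL configured on the IdP against the securityRealm/finishLogin path named in the thread. The function names, host names and sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, use defusedxml instead

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Added example: constructed sample shaped like the thread's metadata; values are placeholders.
SAMPLE = """<md:EntityDescriptor entityID="example:Saml2:POC"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
 <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
     protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data>
  </ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://sso.example.test/idp/SSO.saml2"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  <md:SingleSignOnService Location="http://sso.example.test/idp/SSO.saml2"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return (summary, problems) for SAML 2.0 IdP metadata pasted into an SP."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. mail-client residue inside an attribute
        return {}, [f"not well-formed XML: {exc}"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"entity_id": root.get("entityID")}, ["no IDPSSODescriptor"]
    sso = {e.get("Binding", "").rsplit(":", 1)[-1]: e.get("Location", "")
           for e in idp.findall("md:SingleSignOnService", NS)}
    certs = [c for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.iterfind(".//ds:X509Certificate", NS) if (c.text or "").strip()]
    problems = [f"{b} endpoint is not HTTPS: {loc}"
                for b, loc in sso.items() if not loc.startswith("https://")]
    if not certs:
        problems.append("no signing certificate, so responses cannot be verified")
    if not sso.keys() & {"HTTP-POST", "HTTP-Redirect"}:
        problems.append("no HTTP-POST or HTTP-Redirect SSO endpoint")
    summary = {"entity_id": root.get("entityID"), "sso": sso,
               "signing_certs": len(certs),
               "wants_signed_authn": idp.get("WantAuthnRequestsSigned") == "true"}
    return summary, problems


def acs_matches(jenkins_root_url, idp_acs_url):
    """Compare the IdP's configured postback URL with the one the thread names."""
    expected = jenkins_root_url.rstrip("/") + "/securityRealm/finishLogin"
    return expected == idp_acs_url.strip()
```

A clean result from check_idp_metadata only says the metadata is usable; as the resolution of this thread shows, the postback URL and other connection settings on the IdP side still have to be checked separately, which is what acs_matches is for.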
