I'm trying to configure okta with saml jenkins plugin 
https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
But getting error Cannot find entity 
https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc or role 
{urn:oasis:names:tc:SAML:2.0:metadata}

there is my metadata
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor 
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" 
entityID="https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc";><md:SPSSODescriptor
 
AuthnRequestsSigned="true" WantAssertionsSigned="true" 
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor
 
use="encryption"><ds:KeyInfo 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVuJmnDlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODQxMTkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwNDIwMDQyMzExWhcNMjcwNDIwMDQyNDExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzg0MTE5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
lfVL/XL9lEftDwzL8oSWGzJq8jAWFdZgRRP0ufz7BcNhIQsUXGKnl5cf29Q7FZ5/nqybu5Pg0M3V
Y3tBgDk8L6wDvsujyCxsZLwmek8jgrAb2Kk3HZY5y0yHkQSKQ2ASUBmvvx10MpYF1hsrPaZ2ZXqk
IbWbI/XmzCsdPnWxRcPZ3AtLl1b0dB5G+vJ3TG2hlcoSHH2+MV3Zv/wRSTskBhsrpDwpHtz5BC7l
gsSvtcd4FC5lCspD1SarZ9jguXCPcUgi7JkKWSYZOHRFFLYraG21CQwlNdb6MgulCTNyfM17i9sq
IXbfIrO8YdGi0YCAoFX04p0tHP0lJbcf6KbNiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAONbGS
R/E99tsSARjOJQC2RO03jeyamRrUnNZVqL4S9zw49s7P0n9HakJ4Vb8H0aiOvVqNPwrkXmMuwjP7
9KCHbMDTGogo8CGxSl3bMJ3DNo+A/ecVaI4IgM6y4bCAst6f8EBopj39a7+r69HPU1fzqaPz2Cti
CdZ07QiCt51B52eCU9TzdAdJLB1cCby3GfyAbszyTVS6ZFPoC814XF0K38u6pVz5Ab6dTQ5L1Jho
iD4JTIJFN317io/0UsPwdLak325HjT7ufNxV+cR/zTedIvj8V6GEorfIYtGGUaq8M1xSqmwiJg0o
YUEZhwOmNNHrRoqSWXGjEDzJKgtP1Fzn</ds:X509Certificate></ds:X509Data></ds:KeyInfo><md:EncryptionMethod
 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><md:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/><md:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><md:EncryptionMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/></md:KeyDescriptor><md:KeyDescriptor
 
use="signing"><ds:KeyInfo 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVuJmnDlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODQxMTkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwNDIwMDQyMzExWhcNMjcwNDIwMDQyNDExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzg0MTE5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
lfVL/XL9lEftDwzL8oSWGzJq8jAWFdZgRRP0ufz7BcNhIQsUXGKnl5cf29Q7FZ5/nqybu5Pg0M3V
Y3tBgDk8L6wDvsujyCxsZLwmek8jgrAb2Kk3HZY5y0yHkQSKQ2ASUBmvvx10MpYF1hsrPaZ2ZXqk
IbWbI/XmzCsdPnWxRcPZ3AtLl1b0dB5G+vJ3TG2hlcoSHH2+MV3Zv/wRSTskBhsrpDwpHtz5BC7l
gsSvtcd4FC5lCspD1SarZ9jguXCPcUgi7JkKWSYZOHRFFLYraG21CQwlNdb6MgulCTNyfM17i9sq
IXbfIrO8YdGi0YCAoFX04p0tHP0lJbcf6KbNiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAONbGS
R/E99tsSARjOJQC2RO03jeyamRrUnNZVqL4S9zw49s7P0n9HakJ4Vb8H0aiOvVqNPwrkXmMuwjP7
9KCHbMDTGogo8CGxSl3bMJ3DNo+A/ecVaI4IgM6y4bCAst6f8EBopj39a7+r69HPU1fzqaPz2Cti
CdZ07QiCt51B52eCU9TzdAdJLB1cCby3GfyAbszyTVS6ZFPoC814XF0K38u6pVz5Ab6dTQ5L1Jho
iD4JTIJFN317io/0UsPwdLak325HjT7ufNxV+cR/zTedIvj8V6GEorfIYtGGUaq8M1xSqmwiJg0o
YUEZhwOmNNHrRoqSWXGjEDzJKgtP1Fzn</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService
 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://dev-784119.oktapreview.com/sso/saml2/0oaa7zvi6k6kK4Rm00h7"; 
index="0" isDefault="true"/><md:AttributeConsumingService 
index="0"><md:RequestedAttribute FriendlyName="First Name" Name="firstName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" 
isRequired="true"/><md:RequestedAttribute FriendlyName="Last Name" 
Name="lastName" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" 
isRequired="true"/><md:RequestedAttribute FriendlyName="Email" Name="email" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" 
isRequired="true"/><md:RequestedAttribute FriendlyName="Mobile Phone" 
Name="mobilePhone" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" 
isRequired="false"/></md:AttributeConsumingService></md:SPSSODescriptor><md:Organization><md:OrganizationName
 
xmlns:xml="http://www.w3.org/XML/1998/namespace"; 
xml:lang="en">dev-784119</md:OrganizationName><md:OrganizationDisplayName 
xmlns:xml="http://www.w3.org/XML/1998/namespace"; 
xml:lang="en">Flugel.it-dev-784119</md:OrganizationDisplayName><md:OrganizationURL
 
xmlns:xml="http://www.w3.org/XML/1998/namespace"; 
xml:lang="en">https://flugel.it</md:OrganizationURL></md:Organization></md:EntityDescriptor>

in Okta:
SAML PROTOCOL SETTINGS

IdP Issuer URI 
https://ip:8080/securityRealm/finishLogin

IdP Single Sign-On URL 
https://ip:8080/securityRealm/finishLogin

IdP Signature Certificate 
Pub cer for SSL

Request Binding 
HTTP POST

Request Signature

Sign SAML Authentication Requests
Request Signature Algorithm 
SHA-256

Response Signature Verification 
Response or Assertion

Response Signature Algorithm 
SHA-256

Destination 
https://ip:8080/securityRealm/finishLogin
Okta Assertion Consumer Service URL

Trust-specific

Organization (shared)
Max Clock Skew 
2
Minutes

Jenkins running from official docker image with options:
--httpPort=-1 --httpsPort=8080 
--httpsCertificate=/var/lib/jenkins/jenkins.crt 
--httpsPrivateKey=/var/lib/jenkins/jenkins.key

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/76f577db-634b-4b2b-8c49-6f37cba3bb51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to