Hi, It is a regression introduced in the last release, happening on upgrades (not on new installations). Please, file the issue in JIRA, I'm working to reproduce and fix it.
To unblock your instance copy the IdP metadata content into a file located at JENKINS_HOME/saml-idp.metadata.xml and restart Jenkins. On Mon, Aug 7, 2017 at 9:30 PM, Arnaud Héritier <aherit...@gmail.com> wrote: > Hi > > Please create a jira ticket with all details you can share and especially > how you configured the plugin, the version you are using and if it was > working in the past > > Cheers > > Le lun. 7 août 2017 à 21:06, Curtis Kline <curtiskl...@gmail.com> a > écrit : > >> I updated plugins today and got locked out of Jenkins. SAML >> authentication is completely broken. I am on Jenkins 2.73 with all the >> latest plugin versions. A stack trace is below. >> >> I do not have a file called saml-idp.metadata.xml and I don't think I've >> ever had that file. My idp metadata is in config.xml. >> >> Any thoughts on this? I know I can edit config.xml, turn off security, >> and attempt to re-configure SAML. But it would be nice to know how this >> happened. >> >> Thanks in advance. >> >> Curtis >> >> java.io.FileNotFoundException: File '/var/lib/jenkins/saml-idp.metadata.xml' >> does not exist >> at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:299) >> at >> org.jenkinsci.plugins.saml.SamlFileResource.getInputStream(SamlFileResource.java:71) >> at >> org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver.resolve(SAML2IdentityProviderMetadataResolver.java:80) >> Caused: org.pac4j.core.exception.TechnicalException: Error loading idp >> Metadata. The path must be a valid https url, begin with 'resource:', >> 'classpath:', 'http:', 'https:' or it must be a physical readable non-empty >> local file at the path specified. >> at >> org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver.resolve(SAML2IdentityProviderMetadataResolver.java:90) >> at >> org.pac4j.saml.client.SAML2Client.initIdentityProviderMetadataResolver(SAML2Client.java:170) >> at org.pac4j.saml.client.SAML2Client.internalInit(SAML2Client.java:115) >> at >> org.pac4j.core.util.InitializableWebObject.init(InitializableWebObject.java:24) >> at >> org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client(OpenSAMLWrapper.java:147) >> at >> org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:45) >> at >> org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:30) >> at >> org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:65) >> at >> org.jenkinsci.plugins.saml.SamlSecurityRealm.doCommenceLogin(SamlSecurityRealm.java:221) >> at >> java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) >> at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:343) >> at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:184) >> at >> org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:117) >> at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:129) >> at >> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) >> at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) >> Caused: javax.servlet.ServletException >> at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:765) >> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) >> at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:209) >> at >> org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) >> at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:715) >> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:845) >> at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) >> at org.kohsuke.stapler.Stapler.service(Stapler.java:238) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) >> at >> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:841) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:135) >> at >> org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:225) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) >> at >> io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) >> at >> io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:50) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) >> at >> com.smartcodeltd.jenkinsci.plugin.assetbundler.filters.LessCSS.doFilter(LessCSS.java:47) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) >> at >> net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:237) >> at >> net.bull.javamelody.MonitoringFilter.doFilter(MonitoringFilter.java:209) >> at >> net.bull.javamelody.PluginMonitoringFilter.doFilter(PluginMonitoringFilter.java:88) >> at >> org.jvnet.hudson.plugins.monitoring.HudsonMonitoringFilter.doFilter(HudsonMonitoringFilter.java:113) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) >> at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125) >> at >> hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:132) >> at >> hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:138) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) >> at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:86) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) >> at >> hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:92) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) >> at >> hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) >> at >> hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) >> at >> hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) >> at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) >> at >> org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) >> at >> hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) >> at >> org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) >> at >> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) >> at >> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) >> at >> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) >> at >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) >> at >> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) >> at >> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) >> at >> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) >> at >> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) >> at >> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) >> at >> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) >> at >> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) >> at org.eclipse.jetty.server.Server.handle(Server.java:564) >> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) >> at >> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) >> at >> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) >> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) >> at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) >> at >> org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) >> at >> org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) >> at >> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) >> at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >> at java.lang.Thread.run(Thread.java:748) >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit https://groups.google.com/d/ms >> gid/jenkinsci-users/CAGkg-ek_B5hvYCC4FYesK-6O86Dk%2BrMaQ8cN >> T-NDWcujs0EQ9Q%40mail.gmail.com >> <https://groups.google.com/d/msgid/jenkinsci-users/CAGkg-ek_B5hvYCC4FYesK-6O86Dk%2BrMaQ8cNT-NDWcujs0EQ9Q%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > ----- > Arnaud Héritier > http://aheritier.net > Mail/GTalk: aheritier AT gmail DOT com > Twitter/Skype : aheritier > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ms > gid/jenkinsci-users/CAFNCU--iadET9Ro-J4zJ1subOCiQ6Q5mi-gSkTx > HEzn-tAPibQ%40mail.gmail.com > <https://groups.google.com/d/msgid/jenkinsci-users/CAFNCU--iadET9Ro-J4zJ1subOCiQ6Q5mi-gSkTxHEzn-tAPibQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- Antonio Muñiz Software Engineer CloudBees, Inc. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAJc7kzR-hsiL4YGpWB9mg%2BTrb-%2BVEnjp3o007ZxSuZ5b0ZxY%3DA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
