Hello James,

Did you get this working? I too am facing all sorts of issues trying to do so.

Regards,
Vikas

On Monday, 16 January 2017 14:09:07 UTC+11, James Regis wrote:
> Hello,
>
> I am trying to make jenkins + saml plugin + keycloak work together and
> I am facing an issue.
>
> I have generated the IDP metadata and once I try to log in at
> http://jenkins.example.com/securityRealm/finishLogin, I am redirected to
> the keycloak login page.
>
> When I try to log in with my Google credentials, I get this error:
>
> javax.servlet.ServletException: org.pac4j.saml.exceptions.SamlException: Error decoding saml message
>     at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:796)
>     at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
>     at org.kohsuke.stapler.MetaClass$3.doDispatch(MetaClass.java:197)
>     at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
>
> .......
>
> Caused by: org.opensaml.ws.security.SecurityPolicyException: Validation of protocol message signature failed
>     at org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule.doEvaluate(SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java:138)
>     at org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule.evaluate(SAMLProtocolMessageXMLSignatureSecurityPolicyRule.java:107)
>     at org.opensaml.ws.security.provider.BasicSecurityPolicy.evaluate(BasicSecurityPolicy.java:50)
>     at org.opensaml.ws.message.decoder.BaseMessageDecoder.processSecurityPolicy(BaseMessageDecoder.java:131)
>     at org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:82)
>     at org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70)
>
> After some googling, I found this website:
>
> http://samaratips.blogspot.ca/2016/10/sso-using-saml.html
>
> which said:
>
> Add IDP public key for signing messages to java key store. It can be found in
> incoming saml message from IDP.
>
> My questions are:
>
> - Is there somebody who has succeeded in making jenkins/saml plugin + keycloak
> work together?
>
> - How can I add the IDP public key to my keystore, and how do I configure
> jenkins to decode the saml message with the key in the keystore?
>
> Any help/hints will be appreciated.
>
> Regards.
>
> James
