[JIRA] (JENKINS-61609) Jenkins Openid connect plugin fails to parse groups from AD
Title: Message Title Leo L started work on JENKINS-61609 Change By: Leo L Status: Open In Progress Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205311.1584794668000.13131.1585161540576%40Atlassian.JIRA.
[JIRA] (JENKINS-61609) Jenkins Openid connect plugin fails to parse groups from AD
Title: Message Title Leo L assigned an issue to Leo L Jenkins / JENKINS-61609 Jenkins Openid connect plugin fails to parse groups from AD Change By: Leo L Assignee: Leo L Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205311.1584794668000.13130.1585161540546%40Atlassian.JIRA.
[JIRA] (JENKINS-61609) Jenkins Openid connect plugin fails to parse groups from AD
Title: Message Title Leo L commented on JENKINS-61609 Re: Jenkins Openid connect plugin fails to parse groups from AD Added a pull request with suggestion how to address the problem. https://github.com/jenkinsci/oic-auth-plugin/pull/90 Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205311.1584794668000.13126.1585161540486%40Atlassian.JIRA.
[JIRA] (JENKINS-61609) Jenkins Openid connect plugin fails to parse groups from AD
Title: Message Title Leo L updated an issue Jenkins / JENKINS-61609 Jenkins Openid connect plugin fails to parse groups from AD Change By: Leo L Priority: Minor Major Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205311.1584794668000.13127.1585161540499%40Atlassian.JIRA.
[JIRA] (JENKINS-61609) Jenkins Openid connect plugin fails to parse groups from AD
Title: Message Title
Leo L created an issue
Jenkins / JENKINS-61609
Jenkins Openid connect plugin fails to parse groups from AD
Issue Type:
Bug
Assignee:
Unassigned
Components:
oic-auth-plugin
Created:
2020-03-21 12:44
Priority:
Minor
Reporter:
Leo L
Currently, the parsing of "groups" information in the openid connect flow, when the payload is in MS ADFS format, instead of json array format. To illustrate, this works as expected:
{
"sub": "someUUID",
"groups": [
"group1",
"group2"
],
"username": "myusername"
}
However, following ADFS based format parsing doesnt work as its seen as a string instead of list:
{
"sub": "someUUID",
"groups": "[group1, group2]",
"username": "myusername"
}
We cannot change this latter format of groups, because we are using managed services in between, that do not allow conversion (ADFS thru SAML to AWS Cognito which acts as OIC server). As a result, we experience following stacktrace:
java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
at org.jenkinsci.plugins.oic.OicSecurityRealm.determineAuthorities(OicSecurityRealm.java:562)
at
