[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
Ivan Fernandez Calvo resolved as Won't Do: Jenkins / JENKINS-50016
as design in the SAML Plugin 1.0.5

Change By: Ivan Fernandez Calvo
Status: Open → Resolved
Resolution: Won't Do

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
Ivan Fernandez Calvo commented on JENKINS-50016:

https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md
https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE_AZURE.md
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel edited a comment on JENKINS-50016:

Do you have a link to any docs/examples how your proposed workaround could be achieved? Sorry, I think Right now i need to check the linked ticket first 'm avoiding plugin upgrades, some plugins can be installed without a restart.
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel edited a comment on JENKINS-50016:

Do you have a link to any docs/examples how your proposed workaround could be achieved? Sorry, I think its in i need to check the linked ticket - thanks first.
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel edited a comment on JENKINS-50016:

Do you have a link to any docs/examples how your proposed workaround could be achieved? Sorry, I think it's in the linked ticket - thanks.
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel commented on JENKINS-50016:

Do you have a link to any docs/examples how your proposed workaround could be achieved?
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
Ivan Fernandez Calvo commented on JENKINS-50016:

The autogenerated key store is created on each restart, so the key changes. There is a development in progress to change this behavior. You can configure the encryption settings with a custom keystore that you have to create; this one will not change on every reboot.
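
A way to confirm the effect described in the comment above, as an added example that is not part of the original thread or the plugin's code: it fingerprints the certificates published in two copies of `saml-sp-metadata.xml` and reports which key uses changed. It assumes the file follows the standard SAML 2.0 metadata layout (`KeyDescriptor` / `X509Certificate`); the function names and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def sp_cert_fingerprints(metadata_xml):
    """Map each KeyDescriptor use ('signing', 'encryption') to the SHA-256
    fingerprints of the certificates published for it."""
    root = ET.fromstring(metadata_xml)
    prints = {}
    for kd in root.iter(MD + "KeyDescriptor"):
        use = kd.get("use", "unspecified")
        for cert in kd.iter(DS + "X509Certificate"):
            # Metadata wraps the base64 text; drop whitespace before decoding.
            der = base64.b64decode("".join((cert.text or "").split()))
            prints.setdefault(use, set()).add(hashlib.sha256(der).hexdigest())
    return prints


def rotated_uses(baseline_xml, current_xml):
    """Return the key uses whose certificate set differs from the baseline,
    i.e. the ones the IdP would have to re-import."""
    old = sp_cert_fingerprints(baseline_xml)
    new = sp_cert_fingerprints(current_xml)
    return sorted(u for u in old.keys() | new.keys() if old.get(u) != new.get(u))


def constructed_metadata(signing, encryption):
    """Constructed sample shaped like SAML 2.0 SP metadata; the certificate
    bodies are placeholder bytes, not real X.509 DER."""
    def kd(use, raw):
        b64 = base64.b64encode(raw).decode()
        return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
                f'<ds:X509Certificate>{b64}</ds:X509Certificate>'
                f'</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
    return ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
            'entityID="https://jenkins.example.invalid/sp">'
            '<md:SPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">'
            + kd("signing", signing) + kd("encryption", encryption) +
            '</md:SPSSODescriptor></md:EntityDescriptor>')


if __name__ == "__main__":
    # Two constructed snapshots: before and after a restart that regenerated the keystore.
    before = constructed_metadata(b"keystore-gen-1", b"keystore-gen-1")
    after = constructed_metadata(b"keystore-gen-2", b"keystore-gen-2")
    print("rotated after restart:", rotated_uses(before, after))
```

Run against a copy of the metadata file saved before a restart and the file as it is afterwards, an empty list means the published certificates did not change.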
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

{code:java}
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
{code}

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by design for perhaps security reasons? Not sure if it's because the contents of JENKINS_HOME/saml-sp-metadata.xml is causing the lockout.

Possible Workarounds;
# Send new JENKINS_HOME/saml-sp-metadata.xml file to IT team to import into AD server - -need to confirm this works without further hacking-. This worked and got me working again - but not an ideal workaround where IT team is subcontracted out in a different time zone.
# Attempt to restore a backup copy of $JENKINS_HOME/saml-sp-metadata.xml - attempted but this didn't work, this would be least disruptive and quicker turn around.
# Hack $JENKINS_HOME/config.xml to disable SAML plugin to gain access - this worked, but a bit of a pain!
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

{code:java}
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
{code}

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by design for perhaps security reasons? Not sure if it's because the contents of JENKINS_HOME/saml-sp-metadata.xml is causing the root cause for the lockout.

Possible Workarounds;
# Send new JENKINS_HOME/saml-sp-metadata.xml file to IT team to import into AD server - -need to confirm this works without further hacking-. This worked and got me working again - but not an ideal workaround where IT team is subcontracted out in a different time zone.
# Attempt to restore a backup copy of $JENKINS_HOME/saml-sp-metadata.xml - attempted but this didn't work, this would be least disruptive and quicker turn around.
# Hack $JENKINS_HOME/config.xml to disable SAML plugin to gain access - this worked, but a bit of a pain!
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

{code:java}
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
{code}

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by design for perhaps security reasons? Not sure if it's because the contents of JENKINS_HOME/saml-sp-metadata.xml is causing the lockout.

Possible Workarounds;
# Send new JENKINS_HOME/saml-sp-metadata.xml file to IT team to import into AD server - need to confirm this works without further hacking.
# Attempt to restore a backup copy of $JENKINS_HOME/saml-sp-metadata.xml - attempted but this didn't work.
# Hack $JENKINS_HOME/config.xml to disable SAML plugin to gain access - this worked, but a bit of a pain!
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel
Attachment: jenkins_saml_stack_trace.txt
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

{code:java}
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
{code}

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by design for perhaps security reasons?

Possible Workarounds;
# Send new JENKINS_HOME/saml-sp-metadata.xml file to IT team to import into AD server - need to confirm this works without further hacking.
# Attempt to restore a backup copy of $JENKINS_HOME/saml-sp-metadata.xml - attempted but this didn't work.
# Hack $JENKINS_HOME/config.xml to disable SAML plugin to gain access - this worked, but a bit of a pain!
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

{code:java}
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
{code}

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by design for perhaps security reasons?

Possible Workarounds;
# Send new JENKINS_HOME/saml-sp-metadata.xml file to IT team to import into AD server - need to confirm this works without further hacking.
# Attempt to restore a backup copy of JENKINS_HOME/saml-sp-metadata.xml - attempted but this didn't work.
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel updated an issue: Jenkins / JENKINS-50016
Change By: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

{code:java}
org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
{code}

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by design for perhaps security reasons?

Possible Workarounds;
# Send new JENKINS_HOME/saml-sp-metadata.xml file to IT team to import into AD server - need to confirm this works.
# Attempt to restore a backup copy of JENKINS_HOME/saml-sp-metadata.xml - attempted but this didn't work.
[JIRA] (JENKINS-50016) Contents of saml-sp-metadata.xml changes whenever jenkins service is restarted locking users out
atul patel created an issue: Jenkins / JENKINS-50016

Issue Type: Bug
Assignee: Ivan Fernandez Calvo
Components: saml-plugin
Created: 2018-03-08 12:50
Environment:
Host Machine: Ubuntu Xenial (16.04), hosted in AWS.
Jenkins: ver. 2.89.4
SAML Plugin: saml-1.0.5
Labels: SAML2 saml exception
Priority: Major
Reporter: atul patel

Jenkins setup was configured to talk to AD via SAML, Users could login via SAML and Jenkins could show AD groups associated with users. All working as expected.

A plugin update was available which required Jenkins to be restarted. Upon initiating the plugin update and requesting Jenkins to restart resulted in users being locked out with an OOPS message.

Restarting Jenkins service either via the WebUI or manually from the backend (systemctl restart) appears to re-generate the contents (x509Certificate data) in JENKINS_HOME/saml-sp-metadata.xml. Thus user is locked out with the following OOPs being reported;

org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder

Not sure if regenerating the contents of saml-sp-metadata.xml is expected behaviour by