[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title Ivan Fernandez Calvo closed an issue as Not A Defect Jenkins / JENKINS-61655 SAML plugin wrong configuration Change By: Ivan Fernandez Calvo Status: Open Closed Resolution: Not A Defect Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205385.1585025004000.5065.1585825320272%40Atlassian.JIRA.
[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title Ivan Fernandez Calvo commented on JENKINS-61655 Re: SAML plugin wrong configuration To back to the previous Security realm you need a backup of the JENKINS_HOME/config.xml file, change it and restart Jenkins. If you do not have that file, the only way it is to disable security and configure the security realm again https://jenkins.io/doc/book/system-administration/security/#disabling-security Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205385.1585025004000.11844.1585048800208%40Atlassian.JIRA.
[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title johnny kamel commented on JENKINS-61655 Re: SAML plugin wrong configuration Thank you Ivan Fernandez Calvo attached is the idp metadata, however it is a staging metadata so we might want to disable SAML altogether and revert back to logging in without SAML instead of trying to keep SAML enabled and try to rely on this metadata. I will follow up with the dev team to see if the JENKINS_HOME/saml-idp-metadata.xml is created. With the information you have so far is it possible to know how we can disable the plugin altogether to revert back to jenkins user credentials before we try at a later time to use the SAML plugin? Like you mentioned, the metadata URL may not be correct as provided Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205385.1585025004000.11793.1585045920104%40Atlassian.JIRA.
[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title johnny kamel updated an issue Jenkins / JENKINS-61655 SAML plugin wrong configuration Change By: johnny kamel Attachment: federationmetadata (3).xml Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205385.1585025004000.11787.1585045500138%40Atlassian.JIRA.
[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title Ivan Fernandez Calvo commented on JENKINS-61655 Re: SAML plugin wrong configuration Could you please attach the IdP metadata? Can you check if the JENKINS_HOME/saml-ipd-metadata.xml is created? Could you check if the IdP metadata file looks like this one? https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md#idp-metadata The error org.pac4j.saml.exceptions.SAMLException: No idp entityId found at suggest me that EntityDescriptor section is not correct, the entityID is not set or it is incorrect. "https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://SAML_SERVER/idp/"> Add Comment This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-issues/JIRA.205385.1585025004000.11746.1585044240143%40Atlassian.JIRA.
[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title Ivan Fernandez Calvo updated an issue Jenkins / JENKINS-61655 SAML plugin wrong configuration Change By: Ivan Fernandez Calvo Steps: 1- Logged in as admin to jenkins (jenkins.bre.mcd.com)2- Installed SAML plugin 1.1.53- Configured plugin with idP metadata: ([https://gasstg.mcd.com/federationmetadata/2007-06/federationmetadata.xml)] 4- Was logged out of Jenkins and now can't log back in, most likely as was testing the metadata and didn't want it to take effect Full stack trace below, when trying to access jenkins.bre.mcd.com via browserh2. Stack trace {code} org.pac4j.saml.exceptions.SAMLException: No idp entityId found at org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver.resolve(SAML2IdentityProviderMetadataResolver.java:107) at org.pac4j.saml.client.SAML2Client.initIdentityProviderMetadataResolver(SAML2Client.java:170) at org.pac4j.saml.client.SAML2Client.internalInit(SAML2Client.java:115) at org.pac4j.core.util.InitializableWebObject.init(InitializableWebObject.java:24) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client(OpenSAMLWrapper.java:153) at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:45) at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:30) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:64) at org.jenkinsci.plugins.saml.SamlSecurityRealm.doCommenceLogin(SamlSecurityRealm.java:257) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:797) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:219) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:246) at
[JIRA] (JENKINS-61655) SAML plugin wrong configuration
Title: Message Title johnny kamel created an issue Jenkins / JENKINS-61655 SAML plugin wrong configuration Issue Type: Bug Assignee: Ivan Fernandez Calvo Components: saml-plugin Created: 2020-03-24 04:43 Environment: production, runing jenkins in a container , SAML plugin 1.1.5. jenkins.bre.mcd.com Priority: Major Reporter: johnny kamel Steps: 1- Logged in as admin to jenkins (jenkins.bre.mcd.com) 2- Installed SAML plugin 1.1.5 3- Configured plugin with idP metadata: (https://gasstg.mcd.com/federationmetadata/2007-06/federationmetadata.xml) 4- Was logged out of Jenkins and now can't log back in, most likely as was testing the metadata and didn't want it to take effect Full stack trace below, when trying to access jenkins.bre.mcd.com via browser Stack trace org.pac4j.saml.exceptions.SAMLException: No idp entityId found at org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver.resolve(SAML2IdentityProviderMetadataResolver.java:107) at org.pac4j.saml.client.SAML2Client.initIdentityProviderMetadataResolver(SAML2Client.java:170) at org.pac4j.saml.client.SAML2Client.internalInit(SAML2Client.java:115) at org.pac4j.core.util.InitializableWebObject.init(InitializableWebObject.java:24) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.createSAML2Client(OpenSAMLWrapper.java:153) at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:45) at org.jenkinsci.plugins.saml.SamlRedirectActionWrapper.process(SamlRedirectActionWrapper.java:30) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:64) at org.jenkinsci.plugins.saml.SamlSecurityRealm.doCommenceLogin(SamlSecurityRealm.java:257) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at