Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-48619

The GitHub plugin does not math author to existing user by email

    Details

    • Similar Issues:

      Description

      Jenkins is configured to allow log in via a 3rd party SAML provider.

       

      The list of changes created by the GitHub Branch Source plugin do not match authors to existing users by email. Instead new users are created with the identical email.

        Attachments

          Activity

          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          This issue is probably not related to SAML Plugin either Github Branch Source, it is more SCM related stuff

          Did you set the email attribute in Jenkins SAML configuration?
          Did you check that user has the email set in Jenkins?
          Which attribute do you set for the username in Jenkins SAML configuration?
          Is the identifier of commits the same that username attribute in Jenkins SAML configuration? if not it will not match it is how works the SCM integration

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - This issue is probably not related to SAML Plugin either Github Branch Source, it is more SCM related stuff Did you set the email attribute in Jenkins SAML configuration? Did you check that user has the email set in Jenkins? Which attribute do you set for the username in Jenkins SAML configuration? Is the identifier of commits the same that username attribute in Jenkins SAML configuration? if not it will not match it is how works the SCM integration
          Hide
          kentzo Ilya Kulakov added a comment -

          Ivan Fernandez Calvo

          I did not specify neither Username nor Email attributes in Jenkins SAML configuration.

          Upon the first login via SAML the user created by Jenkins has both the username and email set to email provided by 3rd party SAML provider.

          For the user in question I manually changed username to a nickname.

          The user created by SCM integration has identical email, but username is local-part of the email. E.g. username: joe.chin, email: joe.chin@sun.com

          Is the identifier of commits the same that username attribute in Jenkins SAML configuration? if not it will not match it is how works the SCM integration

          I would expect SCM integration to look up users by committer's email (if any) and then by author's email before creating new user.

          Is there anything I need / can adjust in the configuration to ensure commits will be attached to the existing user by email?

           

          Show
          kentzo Ilya Kulakov added a comment - Ivan Fernandez Calvo I did not specify neither Username nor Email attributes in Jenkins SAML configuration. Upon the first login via SAML the user created by Jenkins has both the username and email set to email provided by 3rd party SAML provider. For the user in question I manually changed username to a nickname. The user created by SCM integration has identical email, but username is local-part of the email. E.g. username: joe.chin, email: joe.chin@sun.com Is the identifier of commits the same that username attribute in Jenkins SAML configuration? if not it will not match it is how works the SCM integration I would expect SCM integration to look up users by committer's email (if any) and then by author's email before creating new user. Is there anything I need / can adjust in the configuration to ensure commits will be attached to the existing user by email?  
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          >The user created by SCM integration has identical email, but username is local-part of the email. E.g. username: joe.chin, email: joe.chin@sun.com

          set the username attribute in the SAML configuration to create the users with the same UID that uses your SCM is the only way, I mean, if a user has login name "joe.chin" and email "joe.chin@sun.com", and the SCM integration create the user as "joe.chin", you have to check in your SAMLResponse if you send an attribute (login or something like that) with this value, then set the name of this attribute as username attribute in SAML Plugin configuration.

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - >The user created by SCM integration has identical email, but username is local-part of the email. E.g. username: joe.chin, email: joe.chin@sun.com set the username attribute in the SAML configuration to create the users with the same UID that uses your SCM is the only way, I mean, if a user has login name "joe.chin" and email "joe.chin@sun.com", and the SCM integration create the user as "joe.chin", you have to check in your SAMLResponse if you send an attribute (login or something like that) with this value, then set the name of this attribute as username attribute in SAML Plugin configuration.
          Hide
          kentzo Ilya Kulakov added a comment -

          Ivan, the number of attributes reported by the SAML provider is limited to the email only.

          I enabled the "Create new accounts based on author/committer's email" in the settings.

          However, it does not solve a situation when user uses different emails and usernames on SCM and SAML. Is it possible to provide multiple usernames / emails within a user profile in Jenkins?

           

          Show
          kentzo Ilya Kulakov added a comment - Ivan, the number of attributes reported by the SAML provider is limited to the email only. I enabled the "Create new accounts based on author/committer's email" in the settings. However, it does not solve a situation when user uses different emails and usernames on SCM and SAML. Is it possible to provide multiple usernames / emails within a user profile in Jenkins?  
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          > Is it possible to provide multiple usernames / emails within a user profile in Jenkins?

          I do not think so.

          Your only solution it is to add the login attribute to your IdP configuration to send it in the SAML Response and use this login attribute as username, this will make that username in SAML and in SCM will match

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - > Is it possible to provide multiple usernames / emails within a user profile in Jenkins? I do not think so. Your only solution it is to add the login attribute to your IdP configuration to send it in the SAML Response and use this login attribute as username, this will make that username in SAML and in SCM will match

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              kentzo Ilya Kulakov
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: