Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51686

SSO is not working after upgrading to new versions

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Incomplete
    • Component/s: saml-plugin
    • Labels:
      None
    • Environment:
      JENKINS VERSION: 2.124
      SAML PLUGIN VERSION:1.0.5
    • Similar Issues:

      Description

      Hi Team,

      We have working "sso" setup on Jenkins 2.73.3 version. And when we tried to setup sso on new jenkins(Version: 2.124)It'sts not reading metadata properly.  It's throwing

      "org.pac4j.saml.exceptions.SAMLException: Cannot find entity org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver@2411b522 or role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor in metadata provider"

       

      After debugging it, i can see it is trying to search "SPSSODescriptor" actually we don't have that tag in my IDP Data.(we have "IDPSSODescriptor") tag.

       

      Please suggest what to do next?

       

        Attachments

          Activity

          Hide
          gaky anil g added a comment -

          Hi Ivan Fernandez Calvo,

          SAML Plugin expecting both IDPSSO and SPSSO descriptors in the metadata.

          When I checked with my IDP provider, they told they won't provide SPSSO metadata. I am not sure whether its right approach or not. As a workaround, I added a new metadata block as SPSSO and copied same metadata from IDP SSO. It's worked. 

          Do we need both IDP SSO and SPSSO metadata descriptors in IDP metadata?


          Thanks,
          Anil G

          Show
          gaky anil g added a comment - Hi Ivan Fernandez Calvo , SAML Plugin expecting both IDPSSO and SPSSO descriptors in the metadata. When I checked with my IDP provider, they told they won't provide SPSSO metadata. I am not sure whether its right approach or not. As a workaround, I added a new metadata block as SPSSO and copied same metadata from IDP SSO. It's worked.  Do we need both IDP SSO and SPSSO metadata descriptors in IDP metadata? – Thanks, Anil G
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          Validate the IdP Metadata with the check configuration button in the Manage Jenkins/Global Security
          Try to save the configuration again.
          check if JENKINS_HOME/saml-idp-metadata.xml and JENKINS_HOME/saml-sp-metadata.xml files exist
          review the troubleshooting guide
          review the configuration guide

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - Validate the IdP Metadata with the check configuration button in the Manage Jenkins/Global Security Try to save the configuration again. check if JENKINS_HOME/saml-idp-metadata.xml and JENKINS_HOME/saml-sp-metadata.xml files exist review the troubleshooting guide review the configuration guide
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          anil g Is the issue resolved? 

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - anil g Is the issue resolved? 

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              gaky anil g
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: