  1. Jenkins
  2. JENKINS-54247

Add to TROUBLESHOOTING how to backup/restore current keys

    Details

    • Released As:
      saml-1.1.2

      Description

      Hi,

      I tried to find a way to save the current keys used for SAML auth, but it was unsuccessful.

      I can back up the metadata (directly from the plugin configuration link).

      Is there a way to back up the current keys that the SAML plugin uses?

      For example, we redeployed the Jenkins master completely from scratch; is there a way to use the same metadata without reconfiguring the IdP? It would be nice to add this info to: https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md

      Thank you!

          Activity

          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          If you configured the encryption settings, you only have to copy the key store and the config files (you should maintain the secrets also). The default key store is "JENKINS_HOME/saml-jenkins-keystore.jks" and the configuration is in "JENKINS_HOME/saml-jenkins-keystore.xml". Some data is encrypted, so it is not meant to be managed manually, and it is only valid for a Jenkins with the same JENKINS_HOME/secrets.

          astepano Andrei Stepanov added a comment -

          Hi, thank you for the answer.

          In our Jenkins, the "Encryption Configuration" checkbox is not set.

          Does this mean that the Jenkins master doesn't have a personal private key to talk to the IdP?

          Could you please just say in steps what I need to back up, and how to restore?

          We do not use the "Encryption Configuration" checkbox in the SAML plugin configuration.

          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          >Does this mean that Jenkins master doesn't have personal private key to talk to idP?

          The plugin creates a key pair automatically and stores it in "JENKINS_HOME/saml-jenkins-keystore.jks", then stores the related data in "JENKINS_HOME/saml-jenkins-keystore.xml"; you can grab the public key from "JENKINS_HOME/saml-sp-metadata.xml".

          >Could you please just in steps say what I need to back up, and how to restore?

          You need the following files to restore the SAML configuration:

          • JENKINS_HOME/config.xml
          • JENKINS_HOME/saml-jenkins-keystore.jks
          • JENKINS_HOME/saml-jenkins-keystore.xml
          • JENKINS_HOME/saml-idp-metadata.xml
          • JENKINS_HOME/saml-sp-metadata.xml
          • You also need the same secret.key; without it the configuration is impossible to decrypt

          In any case, you would normally make a backup of your full JENKINS_HOME to make your Jenkins instance work properly (not only the SAML plugin). I recommend you take a look at this CloudBees KB: https://support.cloudbees.com/hc/en-us/articles/216241937-Migration-Guide-CloudBees-Jenkins-Platform-and-CloudBees-Jenkins-Team-
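
The backup and restore steps described in the comment above, as an added shell example (not part of the original thread or the plugin's documentation). The function names are hypothetical, and including the whole JENKINS_HOME/secrets directory is an assumption based on the first comment's note that the data is only valid with the same secrets.

```shell
#!/bin/sh
# Added example, not the plugin's own tooling. Assumes POSIX sh and tar.
# Paths are relative to JENKINS_HOME, taken from the list in the comment above.
# The IdP metadata file is spelled saml-idp-metadata.xml here; check the
# name on your instance. "secrets" is included as an assumption (see lead-in).
SAML_FILES="config.xml saml-jenkins-keystore.jks saml-jenkins-keystore.xml saml-idp-metadata.xml saml-sp-metadata.xml secret.key secrets"

# saml_missing HOME: print each listed path that is absent; return 1 if any is.
saml_missing() {
    rc=0
    for f in $SAML_FILES; do
        [ -e "$1/$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# saml_backup HOME ARCHIVE: refuse a partial backup, since a keystore without
# its matching secrets cannot be decrypted later. The archive holds the SP
# private key, so it is created readable by its owner only (umask 077).
saml_backup() {
    saml_missing "$1" >&2 || return 1
    ( umask 077 && tar -C "$1" -cf "$2" $SAML_FILES )
}

# saml_restore ARCHIVE HOME: unpack into the new JENKINS_HOME, keeping the
# stored file modes (-p), then confirm that every listed path is present.
saml_restore() {
    tar -C "$2" -xpf "$1" && saml_missing "$2" >&2
}
```

Call `saml_backup "$JENKINS_HOME" /path/to/saml-backup.tar` on the old master and `saml_restore /path/to/saml-backup.tar "$JENKINS_HOME"` on the new one; store the archive with the same care as the keystore itself.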

          astepano Andrei Stepanov added a comment -

          Okay, thank you. I think this ticket can be closed.


            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              astepano Andrei Stepanov