Details

    • Type: New Feature
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Won't Do
    • Component/s: saml-plugin
    • Labels:
      None
    • Environment:
      Jenkins ver. 2.149
    • Similar Issues:

      Description

      this has been resolved now

        Attachments

          Activity

          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          it is not a standard method to pass groups, indeed is a workaround, I ask to this in the past, I do not want to support weird, not standard behaviors see this PR for more info https://github.com/jenkinsci/saml-plugin/pull/34

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - it is not a standard method to pass groups, indeed is a workaround, I ask to this in the past, I do not want to support weird, not standard behaviors see this PR for more info https://github.com/jenkinsci/saml-plugin/pull/34 Check it your IdP can integrate with your LDAP/AD in a way that returns a list, I know that OneLogin works with the plugins, so it should be possible, contact with OneLogin support. if after all, you want to make it, It can be done implementing a securityListener like this https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/user/LoginDetailsProperty.java#L128-L168 , it should replace the authorities with a list instead of an element, but this should be done in another plugin not here is not SAML standard.
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          by the way this is the correct way to send groups

          ```
          <saml:Attribute Name="urn:mace:dir:attribute-def:groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue xsi:type="xs:string">developer</saml:AttributeValue>
          <saml:AttributeValue xsi:type="xs:string">browser</saml:AttributeValue>
          </saml:Attribute>
          ```

          your integration is doing this that it is completely wrong

          ```
          <saml:Attribute Name="urn:mace:dir:attribute-def:groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue xsi:type="xs:string">developer,browser</saml:AttributeValue>
          </saml:Attribute>
          ```

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - by the way this is the correct way to send groups ``` <saml:Attribute Name="urn:mace:dir:attribute-def:groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">developer</saml:AttributeValue> <saml:AttributeValue xsi:type="xs:string">browser</saml:AttributeValue> </saml:Attribute> ``` your integration is doing this that it is completely wrong ``` <saml:Attribute Name="urn:mace:dir:attribute-def:groups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue xsi:type="xs:string">developer,browser</saml:AttributeValue> </saml:Attribute> ```

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              synalogik Ebrahim Moshaya
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: