JENKINS-55232

regarding Authentication response is not success message

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Not A Defect
    • Component/s: saml-plugin
    • Labels:
      None

      Description

      Hi.

       

      I need help. I am a beginner regarding auth.

      I want to connect AD FS 4.0 with Jenkins using the saml plugin.

      After installing Jenkins (lts) and the saml plugin (latest),

      Configure Global Security > 

      select SAML 2.0 in Security Realm

       

      IdP Metadata URL : https://sts-dev.secsso.net/federationmetadata/2007-06/federationmetadata.xml

      Refresh Period : 0

      Display Name Attribute : SEC_LOGINID

      Group Attribute : (empty)

      Maximum Authentication Lifetime : 86400

      Username Attribute : SEC_LOGINID

      Email Attribute : SEC_MAIL

      Username Case Conversion : None

      Data Binding Method : HTTP-POST

      Logout URL : (empty)

       

      and save.

      There's a log in Jenkins.

      Is this OK?

      Dec 18, 2018 3:03:31 AM org.springframework.context.support.AbstractApplicationContext prepareRefresh
      INFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@660e8514: display name [Root WebApplicationContext]; startup date [Tue Dec 18 03:03:31 UTC 2018]; root of context hierarchy
      Dec 18, 2018 3:03:31 AM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory
      INFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@660e8514]: org.springframework.beans.factory.support.DefaultListableBeanFactory@175ab9f6
      Dec 18, 2018 3:03:31 AM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
      INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@175ab9f6: defining beans [filter,legacy]; root of factory hierarchy
      Dec 18, 2018 3:03:31 AM hudson.model.listeners.SaveableListener fireOnChange
      WARNING: null
      java.lang.NullPointerException
          at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:187)
          at com.google.common.cache.LocalCache.getIfPresent(LocalCache.java:3953)
          at com.google.common.cache.LocalCache$LocalManualCache.getIfPresent(LocalCache.java:4758)
          at org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164)
          at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81)
          at jenkins.model.Jenkins.save(Jenkins.java:3242)
          at hudson.BulkChange.commit(BulkChange.java:98)
          at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
          at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
          at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
          at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
          at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:458)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:503)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
          at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
          at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
          at java.lang.Thread.run(Thread.java:748)
      

       

      Anyway, I then click the login button,

      the page redirects to the login page, I input ID and password,

      and then it redirects to https://nwse.sec.samsung.net/stage-jenkins/samlLogout/

      which shows

      You are now logged out of Jenkins, however this has not logged you out of SAML.

      Have a nice day

       

      and the Jenkins log is below.

      Dec 18, 2018 3:05:46 AM org.opensaml.core.config.InitializationService initialize
      INFO: Initializing OpenSAML using the Java Services API
      Dec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver <init>
      INFO: Using SP entity ID https://nwse.sec.samsung.net/stage-jenkins/securityRealm/finishLogin
      Dec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolve
      INFO: Writing sp metadata to /var/jenkins_home/saml-sp-metadata.xml
      Dec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolve
      INFO: Attempting to create directory structure for /var/jenkins_home
      Dec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolve
      WARNING: Could not construct the directory structure for SP metadata /var/jenkins_home/saml-sp-metadata.xml
      Dec 18, 2018 3:05:46 AM org.pac4j.saml.crypto.DefaultSignatureSigningParametersProvider build
      INFO: Created signature signing parameters.
      Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
      Signature canonicalization algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
      Signature reference digest methods: http://www.w3.org/2001/04/xmlenc#sha512
      Dec 18, 2018 3:05:48 AM org.opensaml.core.config.InitializationService initialize
      INFO: Initializing OpenSAML using the Java Services API
      Dec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver <init>
      INFO: Using SP entity ID https://nwse.sec.samsung.net/stage-jenkins/securityRealm/finishLogin
      Dec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolve
      INFO: Writing sp metadata to /var/jenkins_home/saml-sp-metadata.xml
      Dec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolve
      INFO: Attempting to create directory structure for /var/jenkins_home
      Dec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolve
      WARNING: Could not construct the directory structure for SP metadata /var/jenkins_home/saml-sp-metadata.xml
      Dec 18, 2018 3:05:48 AM org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLogin
      WARNING: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
      For more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settings
      If you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
      org.acegisecurity.BadCredentialsException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
          at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:59)
          at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:35)
          at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:64)
          at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:312)
          at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
          at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
          at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
          at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
          at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
          at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:221)
          at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58)
          at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870)
          at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668)
          at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
          at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
          at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128)
          at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151)
          at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.jenkinsci.plugins.saml.SamlCrumbExclusion.process(SamlCrumbExclusion.java:26)
          at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:73)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90)
          at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
          at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
          at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
          at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
          at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
          at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
          at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
          at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
          at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
          at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
          at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
          at org.eclipse.jetty.server.Server.handle(Server.java:503)
          at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
          at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
          at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
          at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
          at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
          at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
          at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
          at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
          at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
          at java.lang.Thread.run(Thread.java:748)
      Caused by: org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
          at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSamlProtocolResponse(SAML2DefaultResponseValidator.java:208)
          at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validate(SAML2DefaultResponseValidator.java:132)
          at org.pac4j.saml.sso.impl.SAML2WebSSOMessageReceiver.receiveMessage(SAML2WebSSOMessageReceiver.java:77)
          at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35)
          at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:225)
          at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:60)
          at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:106)
          at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:55)
          ... 91 more
      

      What is the problem ?


          Activity

          luckyhorang Hokwang Lee added a comment -

          I added saml-sp-metadata.xml in the AD FS Encryption tab and Signature tab.

          And then I can log in.

          Should I add that file to AD? Is there another way?

          And in my case, in the AD FS claim,

          when I use SEC_LOGINID for the Outgoing Claim Type of the cn LDAP Attribute, I cannot log in successfully.

          When I use Name ID for it, there's no problem.

          Can you let me know other specific names for displayname and email?

          ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited

          The first exception is not related to SAML; it seems to be something in the K8s plugin

          org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164)
          at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81)
          at jenkins.model.Jenkins.save(Jenkins.java:3242)
          at hudson.BulkChange.commit(BulkChange.java:98)
          at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106)
          at

          Check your configuration; it seems it is not correct. Jenkins Jira is not a support site: How to report an issue

          Configure Guide

          Troubleshooting Guide

          2018 3:05:48 AM org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLogin
          WARNING: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder
          For more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settings
          If you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
          
          luckyhorang Hokwang Lee added a comment -

          Sorry and thank you, Ivan Fernandez Calvo.

          I am very much a beginner with auth and SAML.

          Can you reply to my comment one more time, please?

          ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited

          You need to debug your SAML authentication to see what is in the SAMLResponse and why it is not valid; the Troubleshooting Guide explains how to do that. For anything else, ask on the Google user group, as mentioned at How to report an issue

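An added example, not part of the original thread and not saml-plugin code: one way to look inside a SAMLResponse received over the HTTP-POST binding and see why the log reports `status:Responder`. The function names, the sample message and its host names and IDs are constructed for illustration; the script only reads the status fields and does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Top-level status codes defined by the SAML 2.0 core specification.
TOP_LEVEL_MEANING = {
    "Success": "the IdP processed the request",
    "Requester": "the IdP rejected the request because of an error in what the SP sent",
    "Responder": "the IdP hit an error on its own side, check the IdP event log",
    "VersionMismatch": "the IdP could not process the SAML version of the request",
}


def decode_post_binding(form_value):
    """HTTP-POST binding: the SAMLResponse form field is base64 only (no DEFLATE)."""
    compact = "".join(form_value.split())  # tolerate line-wrapped base64
    return base64.b64decode(compact, validate=True)


def summarize_response(xml_bytes):
    """Return the fields that explain a failed login; does NOT verify signatures."""
    # The message is untrusted input: refuse DTDs so no entities are expanded.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML message, refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    top = root.find("samlp:Status/samlp:StatusCode", NS)
    if top is None:
        raise ValueError("Response carries no Status/StatusCode")
    nested = top.find("samlp:StatusCode", NS)  # optional second-level code
    message = root.find("samlp:Status/samlp:StatusMessage", NS)
    issuer = root.find("saml:Issuer", NS)
    status = top.get("Value", "")
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),
        "status": status,
        "sub_status": nested.get("Value") if nested is not None else None,
        "status_message": message.text.strip() if message is not None and message.text else None,
        "has_assertion": root.find("saml:Assertion", NS) is not None
                         or root.find("saml:EncryptedAssertion", NS) is not None,
        "success": status == STATUS_PREFIX + "Success",
    }


def explain(summary):
    """One-line diagnosis built from the summary."""
    short = summary["status"].replace(STATUS_PREFIX, "")
    parts = [short + ": " + TOP_LEVEL_MEANING.get(short, "not a top-level SAML status code")]
    if summary["sub_status"]:
        parts.append("sub-status " + summary["sub_status"].replace(STATUS_PREFIX, ""))
    if summary["status_message"]:
        parts.append("message " + repr(summary["status_message"]))
    if not summary["success"] and not summary["has_assertion"]:
        parts.append("no assertion was issued")
    return "; ".join(parts)


# Constructed sample: a failed response of the kind the log above reports.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response-1" Version="2.0" IssueInstant="2018-12-18T03:05:48Z"
    Destination="https://jenkins.example.test/securityRealm/finishLogin"
    InResponseTo="_constructed-request-1">
  <saml:Issuer>http://idp.example.test/adfs/services/trust</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_XML).decode("ascii")

if __name__ == "__main__":
    print(explain(summarize_response(decode_post_binding(SAMPLE_FORM_VALUE))))
```

A top-level `Responder` status with no assertion means the IdP refused to issue one, so the cause has to be found on the IdP side rather than in the Jenkins log.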

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              luckyhorang Hokwang Lee