Just for quick background, we have configured Jenkins community version 2.121.2 as a container in a Docker environment on the Linux platform. We have been able to integrate ADFS ESO with Jenkins using Shibboleth and the SAML protocol, using the reverse proxy plugin. Still, we are facing some issues with group-level authorization, and it is not working as expected. We are looking for some technical help on this, in case we are missing something at our end.
1. ADFS/ESO integration is working fine for individual enterprise IDs but not for mail group IDs.
2. If a person is a member of some group and the same group is configured in the Jenkins global configuration, only then can he log in to Jenkins, but if he is part of multiple groups then he can't. It doesn't matter whether the other groups have been added in the Jenkins global config or not.
3. We also observed that project-level access is not working with groups either. If a particular group has been given full access to the project configuration, even members of that group are not able to log in to Jenkins.
4. We have verified that group claims are available in the SAML response, but somehow Jenkins is not able to determine which group it should pick that has been configured in Jenkins itself.
We have been struggling with these issues for a long time, and we have a lot of pressure from management to fix them before we think about other Jenkins options, as we discussed before.