Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-59091

Unable to get SAML 2.0 Plugin on Jenkins deployed on WebLogic

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Not A Defect
    • Component/s: saml-plugin
    • Labels:
      None
    • Environment:
      QA
    • Similar Issues:

      Description

      Hi,

      I have installed Jenkins ver. 2.176.2 war as an application within my WebLogic Server (12.2.1.3). It's working as expected for all my other needs. I want to integrate with ADFS using SAML 2.0 and that's where I am running into issues. I have downloaded and installed the SAML Plugin (v 1.1.2). When I enable the SAML checkbox and enter the IDP Metadata Content or IDP MetaData URL and click on "Validate IDP MetaData" I get error message as shown below. 

       

      Appreciate your help in this regards.

       

      Thanks

       

      java.lang.ClassCastException: org.opensaml.saml2.core.impl.ActionBuilder cannot be cast to org.opensaml.core.xml.XMLObjectBuilderjava.lang.ClassCastException: org.opensaml.saml2.core.impl.ActionBuilder cannot be cast to org.opensaml.core.xml.XMLObjectBuilder at org.opensaml.core.xml.config.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:238) at org.opensaml.core.xml.config.XMLConfigurator.load(XMLConfigurator.java:203) at org.opensaml.core.xml.config.XMLConfigurator.load(XMLConfigurator.java:188) at org.opensaml.core.xml.config.XMLConfigurator.load(XMLConfigurator.java:162) at org.opensaml.core.xml.config.AbstractXMLObjectProviderInitializer.init(AbstractXMLObjectProviderInitializer.java:52) at org.opensaml.core.config.InitializationService.initialize(InitializationService.java:56) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:63) at org.jenkinsci.plugins.saml.IdpMetadataConfiguration$DescriptorImpl.doTestIdpMetadataURL(IdpMetadataConfiguration.java:241) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:797) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at hudson.plugins.audit_trail.AuditTrailFilter.doFilter(AuditTrailFilter.java:92) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3706) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3672) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:328) at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197) at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203) at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71) at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2443) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2291) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2269) at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1705) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1665) at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272) at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352) at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337) at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57) at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41) at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:652) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420) at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)

       

       

        Attachments

          Activity

          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          weblogic provide a OpenSAML library bundle that it is not compatible with the version used by the plugin, it is not a bug https://stackoverflow.com/questions/25061918/spring-saml-on-weblogic-12c

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - weblogic provide a OpenSAML library bundle that it is not compatible with the version used by the plugin, it is not a bug https://stackoverflow.com/questions/25061918/spring-saml-on-weblogic-12c
          Hide
          srinivasan6 SRINIVASAN RAMAMURTHY added a comment -

          Thanks Ivan for your guidance. Once I disabled the openSAML jar files within WebLogic,, it worked. I am running into a different issue.

           

          My SP Metadata always shows "AuthnRequestsSigned="true". How do i disable it? I am using HTTP-POST Data Binding. I can create Keystores and Keys and share it with IDp Provider, but I am being asked by admin if i can send without signed. I could not find how to do it in Jenkins. 

          I am not sure what this checkbox is used for "Disable Signature Redirect Binding Auth Request" is used for. I tried by changing the Data Binding to HTTP-Redirect and select the chec-box, but when I view the spMetaData file, it still shows up with AuthnRequestSigned = ture. 

           

          Any pointers? 

           

          Thanks

           

          Srini

           

           

          Show
          srinivasan6 SRINIVASAN RAMAMURTHY added a comment - Thanks Ivan for your guidance. Once I disabled the openSAML jar files within WebLogic,, it worked. I am running into a different issue.   My SP Metadata always shows "AuthnRequestsSigned="true". How do i disable it? I am using HTTP-POST Data Binding. I can create Keystores and Keys and share it with IDp Provider, but I am being asked by admin if i can send without signed. I could not find how to do it in Jenkins.  I am not sure what this checkbox is used for "Disable Signature Redirect Binding Auth Request" is used for. I tried by changing the Data Binding to HTTP-Redirect and select the chec-box, but when I view the spMetaData file, it still shows up with AuthnRequestSigned = ture.    Any pointers?    Thanks   Srini    
          Hide
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          this Jira is not a support site, please read How to report an issue and use the google groups get help

          Show
          ifernandezcalvo Ivan Fernandez Calvo added a comment - this Jira is not a support site, please read How to report an issue and use the google groups get help

            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              srinivasan6 SRINIVASAN RAMAMURTHY
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: