JENKINS-59097

SAML Plugin ADFS - Not sending Name field in request - Could not construct the directory structure for SP metadata

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: saml-plugin
    • Labels:
      None
    • Released As:
      saml-1.1.3

      Description

      Hi, I have a dockerized Jenkins where I've installed the saml-plugin. I've done the basic settings, but in the SAML request it doesn't send a NameID policy. For comparison I am attaching the SAML request from a GitLab instance to ADFS and a SAML request from Jenkins to ADFS.

       

      Another thing is that in logs it says:

      Could not construct the directory structure for SP metadata /var/jenkins_home/saml-sp-metadata.xml

      Why is that?

      Thanks

            Activity

            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            Sending the NameIDPolicy is optional:

            http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

            <NameIDPolicy> [Optional]
            Specifies constraints on the name identifier to be used to represent the requested subject. If omitted,
            then any type of identifier supported by the identity provider for the requested subject can be used,
            constrained by any relevant deployment-specific policies, with respect to privacy, for example.
            
            jahanzaib jahanzaib added a comment -

            Thanks for the reply, but how can I set the NameIDPolicy in the saml-plugin configuration?

            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            The SAML plugin does not send this setting; you can set the NameIDPolicy when you set the service provider (SP) settings in the identity provider (IdP) configuration. This Jira is not a support site; please read How to report an issue and use the Google groups to get help.

            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            Thanks for the PR. You can download the incremental binaries at https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/saml/1.1.3-rc189.322b07e917fe/
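
Added example (not from the issue or from the saml-plugin code): a Python check that decodes a `SAMLRequest` value and reports whether the AuthnRequest carries a `<NameIDPolicy>`, which is the comparison the reporter made between the two requests. The sample requests and all function names are constructed for illustration; the value passed in is assumed to be URL-decoded already.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def encode(xml: str, deflate: bool = True) -> str:
    """Build a SAMLRequest value: Redirect binding deflates, POST binding does not."""
    data = xml.encode()
    if deflate:
        c = zlib.compressobj(wbits=-15)          # raw DEFLATE, no zlib header
        data = c.compress(data) + c.flush()
    return base64.b64encode(data).decode()

def decode(value: str) -> bytes:
    """Return the XML from an already URL-decoded SAMLRequest value."""
    raw = base64.b64decode(value)
    try:
        return zlib.decompress(raw, -15)         # HTTP-Redirect binding
    except zlib.error:
        return raw                               # HTTP-POST binding: plain base64

def name_id_policy(value: str):
    """None if the AuthnRequest has no <NameIDPolicy>, else its attributes."""
    xml = decode(value)
    # SAML messages never need a DTD; reject one before handing it to the parser.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML message, refusing to parse")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return None if policy is None else dict(policy.attrib)

# Constructed samples, not the requests attached to the issue.
HEAD = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
        'Version="2.0" IssueInstant="2019-08-27T00:00:00Z">')
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
WITHOUT_POLICY = HEAD + "</samlp:AuthnRequest>"
WITH_POLICY = (HEAD + f'<samlp:NameIDPolicy Format="{EMAIL}" AllowCreate="true"/>'
               + "</samlp:AuthnRequest>")

if __name__ == "__main__":
    for label, xml in (("without", WITHOUT_POLICY), ("with", WITH_POLICY)):
        print(label, "->", name_id_policy(encode(xml)))
```

A `None` result means the IdP is free to choose the identifier format, as the quoted SAML core text says, so the NameID format then has to be fixed on the IdP side.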


              People

              • Assignee:
                jahanzaib jahanzaib
                Reporter:
                jahanzaib jahanzaib