Jenkins / JENKINS-59417

AD Groups do not refresh during a SAML Session

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not A Defect
    • Component/s: saml-plugin
    • Labels:
      None
    • Environment:
      CloudBees Core - Traditional Platform 2.164.1.2
      RBAC plugin version: 5.27
      SAML plugin version: 1.1.2

      Description

      Steps to reproduce:

      1. User is logged into Jenkins via SAML session
      2. User is added to AD Group by AD Admin
      3. User can hit /whoAmI endpoint and see new group added
      4. User is not able to access folders with group
      5. User has to log out of SAML session
      6. Admin has to log out of SAML session
      7. Admin has to log in to new SAML session
      8. Admin has to manually add user to group in Jenkins Groups UI.
      9. User can now log in and access folders with group

      I've looked at this with Félix Belzunce Arcos and he believed it to be a problem with https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/SamlGroupDetails.java

          Activity

          ifernandezcalvo Ivan Fernandez Calvo added a comment (edited)

          The behavior that you see is by design: you have to create your groups in Jenkins and associate them with your users or external groups in Jenkins. The SAML plugin does not sync any data from external sources; it only reads the groups from the SAMLResponse when you log in. SAML services do not provide any kind of service to sync groups; SAML is an authentication and authorization system, that's it.
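
          The behaviour described in the comment above (groups are read from the SAMLResponse only at login), as an added example that is not code from the SAML plugin or from anyone in this thread: a minimal Python model in which a session copies the group attribute once, so directory-side additions and removals stay invisible until a new login. The attribute name `groups`, the `Session` class and the sample user and group names are assumptions, and signature validation is omitted.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "groups"  # assumed attribute name; the real one is set in the IdP config

def build_response(user, groups):
    """Constructed stand-in for the IdP: returns a minimal, unsigned assertion."""
    values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>"
        f'<saml:AttributeStatement><saml:Attribute Name="{GROUP_ATTR}">{values}'
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )

def groups_from_assertion(xml_text):
    """Extract group names from the assertion's AttributeStatement.
    Signature and condition checks are omitted in this model; a real service
    provider must perform them before trusting any attribute."""
    root = ET.fromstring(xml_text)
    xpath = (f"./saml:AttributeStatement/saml:Attribute[@Name='{GROUP_ATTR}']"
             "/saml:AttributeValue")
    return frozenset(v.text.strip() for v in root.findall(xpath, NS) if v.text)

class Session:
    """Hypothetical service-provider session: groups are copied once, at login."""
    def __init__(self, xml_text):
        root = ET.fromstring(xml_text)
        self.user = root.find("./saml:Subject/saml:NameID", NS).text
        self.groups = groups_from_assertion(xml_text)

    def can_access(self, required_group):
        return required_group in self.groups

def demo():
    directory = {"alice": ["developers"]}             # constructed directory state
    old = Session(build_response("alice", directory["alice"]))
    directory["alice"].append("release-managers")     # admin adds the group
    stale = old.can_access("release-managers")        # existing session: unchanged
    new = Session(build_response("alice", directory["alice"]))
    fresh = new.can_access("release-managers")        # new login, new assertion
    directory["alice"].remove("developers")           # a removal is equally unseen
    lingering = new.can_access("developers")
    return stale, fresh, lingering
```

          In this model a group removal is as invisible to a live session as a group addition, so the session lifetime bounds how long a revoked membership keeps working.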


            People

            • Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              rsmith Ryan Smith
            • Votes:
              0
              Watchers:
              2
