Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65039

Login failures after upgrading saml-plugin from 1.1.7 to 2.0.0

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • saml-plugin
    • saml-2.0.2

      Our setup was working fine using saml-plugin 1.1.7 to login using JumpCloud based accounts.  Upon upgrading the plugin to 2.0.0 and restarting the jenkins service, every attempt at login was met with:

      You are now logged out of Jenkins, however this has not logged you out of SAML.
      
      Have a nice day

      Tried:

      • Clearing browser cache
      • Using FF & Chrome
      • Using private browsing windows of each browser
      • Restarting jenkins service & server

       

      These were the only new SAML related logs that showed up when trying to login.

      2021-03-03 22:59:47.828+0000 [id=18]    SEVERE  o.p.s.s.i.SAML2AuthnResponseValidator#validateSamlSSOResponse: Current assertion validation failed, continue with the next one
      2021-03-03 22:59:47.837+0000 [id=17]    SEVERE  o.p.s.s.i.SAML2AuthnResponseValidator#validateSamlSSOResponse: Current assertion validation failed, continue with the next one
      2021-03-03 22:59:47.848+0000 [id=17]    WARNING o.j.p.saml.SamlSecurityRealm#doFinishLogin: Unable to validate the SAML Response: Assertion must be explicitly signed; nested exception is org.pac4j.saml.exceptions.SAMLSignatureRequiredException: Assertion must be explicitly signed
      2021-03-03 22:59:47.848+0000 [id=18]    WARNING o.j.p.saml.SamlSecurityRealm#doFinishLogin: Unable to validate the SAML Response: Assertion must be explicitly signed; nested exception is org.pac4j.saml.exceptions.SAMLSignatureRequiredException: Assertion must be explicitly signed
      2021-03-03 22:59:48.184+0000 [id=16]    INFO    o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Blacklisted Algorithms
      2021-03-03 22:59:48.185+0000 [id=16]    INFO    o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Signature Algorithms
      2021-03-03 22:59:48.185+0000 [id=16]    INFO    o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Signature Reference Digest Methods
      2021-03-03 22:59:48.185+0000 [id=16]    INFO    o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Canonicalization Algorithm
      

      We ended up:

      1. Disabling security & restarting Jenkins service.
      2. Downgrading the saml-plugin back to 1.1.7
      3. Re-adding the SAML auth info.
      4. Re-enabling matrix based security.

       

      Let me know if I can provide more information or log data to help sort this out.

        1. config.xml
          4 kB
          Chad
        2. saml-ipd-metadata.xml
          0.9 kB
          Chad
        3. saml-sp-metadata.xml
          2 kB
          Chad

            ifernandezcalvo Ivan Fernandez Calvo
            cvogelsong Chad
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: