Since version 4.x of the SAML plugin and the changes made to use the springframework, one method SamlSecurityRealm#loadGroupByGroupname throws the wrong exception hudson.security.UserMayOrMayNotExistException2 although the signature of the super method declares a throws org.acegisecurity.userdetails.UsernameNotFoundException as per https://github.com/jenkinsci/jenkins/blob/jenkins-2.361.1/core/src/main/java/hudson/security/SecurityRealm.java#L474.

A consumer of loadGroupByGroupname that tries to catch the org.acegisecurity.userdetails.UsernameNotFoundException as per the signature would not catch it anymore. This is the case for the RBAC plugin by CloudBees for example:

2022-10-27 05:48:13.733+0000 [id=129]	WARNING	o.e.j.s.h.ContextHandler$Context#log: Error while serving http://allan.cje.com:8080/groups/groupExistsCheck
hudson.security.UserMayOrMayNotExistException2: test7
	at org.jenkinsci.plugins.saml.SamlSecurityRealm.loadGroupByGroupname(SamlSecurityRealm.java:636)
	at nectar.plugins.rbac.groups.GroupContainerMixIn.doGroupExistsCheck(GroupContainerMixIn.java:191)