[JIRA] (JENKINS-59091) Unable to get SAML 2.0 Plugin on Jenkins deployed on WebLogic

srinivasan6@gmail.com (JIRA)

unread,

Aug 26, 2019, 3:32:08 PM8/26/19

to jenkinsc...@googlegroups.com

SRINIVASAN RAMAMURTHY created an issue

Jenkins /

JENKINS-59091

Unable to get SAML 2.0 Plugin on Jenkins deployed on WebLogic

Issue Type:	Bug
Assignee:	Ivan Fernandez Calvo
Components:	saml-plugin
Created:	2019-08-26 19:32
Environment:	QA
Priority:	Major
Reporter:	SRINIVASAN RAMAMURTHY

Hi,

I have installed Jenkins ver. 2.176.2 war as an application within my WebLogic Server (12.2.1.3). It's working as expected for all my other needs. I want to integrate with ADFS using SAML 2.0 and that's where I am running into issues. I have downloaded and installed the SAML Plugin (v 1.1.2). When I enable the SAML checkbox and enter the IDP Metadata Content or IDP MetaData URL and click on "Validate IDP MetaData" I get error message as shown below.

Appreciate your help in this regards.

Thanks

java.lang.ClassCastException: org.opensaml.saml2.core.impl.ActionBuilder cannot be cast to org.opensaml.core.xml.XMLObjectBuilderjava.lang.ClassCastException: org.opensaml.saml2.core.impl.ActionBuilder cannot be cast to org.opensaml.core.xml.XMLObjectBuilder at org.opensaml.core.xml.config.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:238) at org.opensaml.core.xml.config.XMLConfigurator.load(XMLConfigurator.java:203) at org.opensaml.core.xml.config.XMLConfigurator.load(XMLConfigurator.java:188) at org.opensaml.core.xml.config.XMLConfigurator.load(XMLConfigurator.java:162) at org.opensaml.core.xml.config.AbstractXMLObjectProviderInitializer.init(AbstractXMLObjectProviderInitializer.java:52) at org.opensaml.core.config.InitializationService.initialize(InitializationService.java:56) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:63) at org.jenkinsci.plugins.saml.IdpMetadataConfiguration$DescriptorImpl.doTestIdpMetadataURL(IdpMetadataConfiguration.java:241) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:535) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747)Caused: javax.servlet.ServletException at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:797) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.MetaClass$4.doDispatch(MetaClass.java:280) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:747) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:878) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:676) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:286) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:260) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:137) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:350) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:25) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at hudson.plugins.audit_trail.AuditTrailFilter.doFilter(AuditTrailFilter.java:92) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:78) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3706) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3672) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:328) at weblogic.security.service.SecurityManager.runAsForUserCode(SecurityManager.java:197) at weblogic.servlet.provider.WlsSecurityProvider.runAsForUserCode(WlsSecurityProvider.java:203) at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:71) at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2443) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2291) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2269) at weblogic.servlet.internal.ServletRequestImpl.runInternal(ServletRequestImpl.java:1705) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1665) at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:272) at weblogic.invocation.ComponentInvocationContextManager._runAs(ComponentInvocationContextManager.java:352) at weblogic.invocation.ComponentInvocationContextManager.runAs(ComponentInvocationContextManager.java:337) at weblogic.work.LivePartitionUtility.doRunWorkUnderContext(LivePartitionUtility.java:57) at weblogic.work.PartitionUtility.runWorkUnderContext(PartitionUtility.java:41) at weblogic.work.SelfTuningWorkManagerImpl.runWorkUnderContext(SelfTuningWorkManagerImpl.java:652) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:420) at weblogic.work.ExecuteThread.run(ExecuteThread.java:360)

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

kuisathaverat@gmail.com (JIRA)

unread,

Aug 26, 2019, 5:40:03 PM8/26/19

to jenkinsc...@googlegroups.com

Ivan Fernandez Calvo commented on

JENKINS-59091

Re: Unable to get SAML 2.0 Plugin on Jenkins deployed on WebLogic

weblogic provide a OpenSAML library bundle that it is not compatible with the version used by the plugin, it is not a bug https://stackoverflow.com/questions/25061918/spring-saml-on-weblogic-12c

Add Comment

kuisathaverat@gmail.com (JIRA)

unread,

Aug 26, 2019, 5:41:02 PM8/26/19

to jenkinsc...@googlegroups.com

Ivan Fernandez Calvo closed an issue as Not A Defect

Jenkins /

JENKINS-59091

Unable to get SAML 2.0 Plugin on Jenkins deployed on WebLogic

Change By:	Ivan Fernandez Calvo
Status:	Open Closed
Resolution:	Not A Defect

Add Comment

srinivasan6@gmail.com (JIRA)

unread,

Aug 27, 2019, 8:51:01 PM8/27/19

to jenkinsc...@googlegroups.com

SRINIVASAN RAMAMURTHY commented on

JENKINS-59091

Re: Unable to get SAML 2.0 Plugin on Jenkins deployed on WebLogic

Thanks Ivan for your guidance. Once I disabled the openSAML jar files within WebLogic,, it worked. I am running into a different issue.

My SP Metadata always shows "AuthnRequestsSigned="true". How do i disable it? I am using HTTP-POST Data Binding. I can create Keystores and Keys and share it with IDp Provider, but I am being asked by admin if i can send without signed. I could not find how to do it in Jenkins.

I am not sure what this checkbox is used for "Disable Signature Redirect Binding Auth Request" is used for. I tried by changing the Data Binding to HTTP-Redirect and select the chec-box, but when I view the spMetaData file, it still shows up with AuthnRequestSigned = ture.

Any pointers?

Thanks

Srini