| Hi Ivan, I don't have a SAML configuration I can use for testing until next week (I'm waiting on an Okta sandbox being rebuilt), but I think this is not sufficient to fix this in Windows.
```java
public HttpResponse doMetadata(StaplerRequest request, StaplerResponse response) {
    return new SamlSPMetadataWrapper(getSamlPluginConfig(), request, response).get();
}
```
I think that the path for the metadata that is being passed is incorrect. Without an active session, Jenkins does not properly redirect to Okta when the plugin is deployed on a Windows host, and I see the following in the logs:
```
[id=14] INFO o.o.c.c.InitializationService#initialize: Initializing OpenSAML using the Java Services API
[id=14] INFO o.o.c.c.InitializationService#initialize: Initializing OpenSAML using the Java Services API
[id=14] INFO o.p.s.m.SAML2ServiceProviderMetadataResolver#<init>: Using SP entity ID Jenkins-users
[id=14] INFO o.p.s.m.SAML2ServiceProviderMetadataResolver#resolve: Writing sp metadata to C:\Jenkins\saml-sp-metadata.xml
[id=14] INFO o.p.s.m.SAML2ServiceProviderMetadataResolver#resolve: Attempting to create directory structure for C:\Jenkins
[id=14] WARNING o.p.s.m.SAML2ServiceProviderMetadataResolver#resolve: Could not construct the directory structure for SP metadata C:\Jenkins\saml-sp-metadata.xml
[id=14] INFO o.p.s.c.DefaultSignatureSigningParametersProvider#build: Created signature signing parameters.
```
My guess is, the path being passed is `C:\Jenkins\Windows` - and this is ultimately causing pac4j to properly find the `saml-sp-metadata.xml`: https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java#L42-L44

Based on this failing: https://github.com/pac4j/pac4j/blob/f82b377690f400f518145a4d543acb187d4dd4ac/pac4j-saml/src/main/java/org/pac4j/saml/metadata/SAML2ServiceProviderMetadataResolver.java#L134-L160

Do you have any thoughts here? I will try to update this issue as soon as I have IdP config for testing, some time next week. |