[JIRA] [saml-plugin] (JENKINS-31043) SAML plugin can't auth with CSRF protection enabled

[mdonohue@java.net (JIRA)]

mdonohue created an issue

Jenkins / JENKINS-31043 SAML plugin can't auth with CSRF protection enabled Issue Type: Bug Assignee: Ben McCann Components: saml-plugin Created: 20/Oct/15 6:22 AM Priority: Critical Reporter: mdonohue I have SAML configured to auth users. We recently decided to turn on CSRF protection, but discovered it prevents anyone from authenticating via SAML. The securityRealm/loginFinished page produces a "missing CSRF crumb" error. Add Comment

This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265)

[mdonohue@java.net (JIRA)]

mdonohue commented on JENKINS-31043

Re: SAML plugin can't auth with CSRF protection enabled The CSRF protection can be disabled in some circumstances - I wrote a patch against the saml plugin to exclude the loginFinished endpoint from CSRF protection. This gets rid of the missing crumb error, but login does not complete either. This is the patch: https://github.com/mdonohue/saml-plugin/commit/717fd8cb75b5f8ab65a48fcafded25c1f802f7ac

Add Comment

[benjamin.j.mccann@gmail.com (JIRA)]

Ben McCann assigned an issue to Unassigned

Jenkins / JENKINS-31043

SAML plugin can't auth with CSRF protection enabled

Change By: Ben McCann Assignee: Ben McCann

Add Comment

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)

[mdonohue@java.net (JIRA)]

mdonohue assigned an issue to mdonohue

Jenkins / JENKINS-31043 SAML plugin can't auth with CSRF protection enabled

Change By: mdonohue Assignee: mdonohue

Add Comment

[mdonohue@java.net (JIRA)]

mdonohue commented on JENKINS-31043

Re: SAML plugin can't auth with CSRF protection enabled Patch was merged, and plugin released back in February.

Add Comment

[mdonohue@java.net (JIRA)]

mdonohue closed an issue as Fixed

Jenkins / JENKINS-31043

SAML plugin can't auth with CSRF protection enabled

Change By: mdonohue Status: Open Closed Resolution: Fixed

Add Comment