[JIRA] (JENKINS-59417) AD Groups do not refresh during a SAML Session

8 views
Skip to first unread message

rsmith@cloudbees.com (JIRA)

unread,
Sep 18, 2019, 1:46:03 AM9/18/19
to jenkinsc...@googlegroups.com
Ryan Smith created an issue
 
Jenkins / Bug JENKINS-59417
AD Groups do not refresh during a SAML Session
Issue Type: Bug Bug
Assignee: Ivan Fernandez Calvo
Components: saml-plugin
Created: 2019-09-18 05:45
Environment: CloudBees Core - Traditional Platform 2.164.1.2
RBAC plugin version: 5.27
SAML plugin version: 1.1.2
Priority: Critical Critical
Reporter: Ryan Smith

Steps to reproduce:

1.) User is logged into Jenkins via SAML session
2.) User is added to AD Group by AD Admin
3.) User can hit /whoAmI endpoint and see new group added
4.) User is not able to access folders with group
5.) User has to logout of SAML session
6.) Admin has to logout of SAML session
7.) Admin has to login to new SAML session
8.) Admin has to manually add user to group in Jenkins Groups UI.
9.) User can now login and access folders with group

I've looked at this with Félix Belzunce Arcos and he believed it to be a problem with https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/SamlGroupDetails.java
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

kuisathaverat@gmail.com (JIRA)

unread,
Sep 18, 2019, 2:41:02 AM9/18/19
to jenkinsc...@googlegroups.com
Ivan Fernandez Calvo commented on Bug JENKINS-59417
 
Re: AD Groups do not refresh during a SAML Session

I do not see which Jenkins core and SAML plugin version you are using in the issues, it use to be useful info, anyway, I guess you are using RBAC CouldBees to manage groups on Jenkins. The behavior that you see it is by design, you have to create your groups in Jenkins and associate then to your users or external groups in Jenkins.

kuisathaverat@gmail.com (JIRA)

unread,
Sep 18, 2019, 3:03:02 AM9/18/19
to jenkinsc...@googlegroups.com
Ivan Fernandez Calvo closed an issue as Not A Defect
 
Change By: Ivan Fernandez Calvo
Status: Open Closed
Resolution: Not A Defect

kuisathaverat@gmail.com (JIRA)

unread,
Sep 18, 2019, 3:04:02 AM9/18/19
to jenkinsc...@googlegroups.com
 
Re: AD Groups do not refresh during a SAML Session
I do not see which Jenkins core and SAML plugin version you are using in the issues, it use to be useful info, anyway, I guess you are using RBAC CouldBees to manage groups on Jenkins. The behavior that you see it is by design, you have to create your groups in Jenkins and associate then to your users or external groups in Jenkins.

kuisathaverat@gmail.com (JIRA)

unread,
Sep 18, 2019, 3:06:02 AM9/18/19
to jenkinsc...@googlegroups.com
The behavior that you see it is by design, you have to create your groups in Jenkins and associate then them to your users or external groups in Jenkins , SAML plugin does not sync any data from external sources, it only read the groups from the SAMLResponse when you login, SAML services does not provide any kind of service to sync groups, SAML is an authentication and authorization system that's it .
Reply all
Reply to author
Forward
0 new messages