[JIRA] (JENKINS-55232) regarding Authentication response is not success message

3 views
Skip to first unread message

luckyhk.lee@samsung.com (JIRA)

unread,
Dec 17, 2018, 10:09:04 PM12/17/18
to jenkinsc...@googlegroups.com
Hokwang Lee created an issue
 
Jenkins / Improvement JENKINS-55232
regarding Authentication response is not success message
Issue Type: Improvement Improvement
Assignee: Ivan Fernandez Calvo
Components: saml-plugin
Created: 2018-12-18 03:08
Priority: Minor Minor
Reporter: Hokwang Lee

Hi.

 

I need help. I am beginner regarding auth.

I want to connect AD FS 4.0 with Jenkins using saml plugin.

After installed Jenkins (lts) and saml plugin (latest),

Configure Global Security > 

select SAML 2.0 in Security Realm

 

IdP Metadata URL : https://sts-dev.secsso.net/federationmetadata/2007-06/federationmetadata.xml

Refresh Period : 0

Display Name Attribute : SEC_LOGINID

Group Attribute : (empty)

Maximum Authentication Lifetime : 86400

Username Attribute : SEC_LOGINID

Email Attribute : SEC_MAIL

Username Case Conversion : None

Data Binding Method : HTTP-POST

Logout URL : (empty)

 

and save,

there's log in Jenkins

Is this OK ?

Dec 18, 2018 3:03:31 AM org.springframework.context.support.AbstractApplicationContext prepareRefreshDec 18, 2018 3:03:31 AM org.springframework.context.support.AbstractApplicationContext prepareRefreshINFO: Refreshing org.springframework.web.context.support.StaticWebApplicationContext@660e8514: display name [Root WebApplicationContext]; startup date [Tue Dec 18 03:03:31 UTC 2018]; root of context hierarchyDec 18, 2018 3:03:31 AM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactoryINFO: Bean factory for application context [org.springframework.web.context.support.StaticWebApplicationContext@660e8514]: org.springframework.beans.factory.support.DefaultListableBeanFactory@175ab9f6Dec 18, 2018 3:03:31 AM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletonsINFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@175ab9f6: defining beans [filter,legacy]; root of factory hierarchyDec 18, 2018 3:03:31 AM hudson.model.listeners.SaveableListener fireOnChangeWARNING: nulljava.lang.NullPointerException at com.google.common.base.Preconditions.checkNotNull(Preconditions.java:187) at com.google.common.cache.LocalCache.getIfPresent(LocalCache.java:3953) at com.google.common.cache.LocalCache$LocalManualCache.getIfPresent(LocalCache.java:4758) at org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164) at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81) at jenkins.model.Jenkins.save(Jenkins.java:3242) at hudson.BulkChange.commit(BulkChange.java:98) at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.MetaClass$9.dispatch(MetaClass.java:458) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:99) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:503) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) at java.lang.Thread.run(Thread.java:748)

 

anyway, then, click login button

the page redirect login and input ID and password 

and then redirect to https://nwse.sec.samsung.net/stage-jenkins/samlLogout/

that shows  

You are now logged out of Jenkins, however this has not logged you out of SAML.

Have a nice day

 

and jenkins log is below.

Dec 18, 2018 3:05:46 AM org.opensaml.core.config.InitializationService initializeDec 18, 2018 3:05:46 AM org.opensaml.core.config.InitializationService initializeINFO: Initializing OpenSAML using the Java Services APIDec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver <init>INFO: Using SP entity ID https://nwse.sec.samsung.net/stage-jenkins/securityRealm/finishLoginDec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveINFO: Writing sp metadata to /var/jenkins_home/saml-sp-metadata.xmlDec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveINFO: Attempting to create directory structure for /var/jenkins_homeDec 18, 2018 3:05:46 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveWARNING: Could not construct the directory structure for SP metadata /var/jenkins_home/saml-sp-metadata.xmlDec 18, 2018 3:05:46 AM org.pac4j.saml.crypto.DefaultSignatureSigningParametersProvider buildINFO: Created signature signing parameters.Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256Signature canonicalization algorithm: http://www.w3.org/2001/10/xml-exc-c14n#Signature reference digest methods: http://www.w3.org/2001/04/xmlenc#sha512Dec 18, 2018 3:05:48 AM org.opensaml.core.config.InitializationService initializeINFO: Initializing OpenSAML using the Java Services APIDec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver <init>INFO: Using SP entity ID https://nwse.sec.samsung.net/stage-jenkins/securityRealm/finishLoginDec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveINFO: Writing sp metadata to /var/jenkins_home/saml-sp-metadata.xmlDec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveINFO: Attempting to create directory structure for /var/jenkins_homeDec 18, 2018 3:05:48 AM org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveWARNING: Could not construct the directory structure for SP metadata /var/jenkins_home/saml-sp-metadata.xmlDec 18, 2018 3:05:48 AM org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLoginWARNING: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:ResponderFor more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settingsIf you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.mdorg.acegisecurity.BadCredentialsException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:59) at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:35) at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:64) at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:312) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408) at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77) at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145) at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:537) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:221) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:58) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:739) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:870) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:668) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:865) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154) at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:243) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:61) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:128) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:151) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:157) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.jenkinsci.plugins.saml.SamlCrumbExclusion.process(SamlCrumbExclusion.java:26) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:73) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:503) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683) at java.lang.Thread.run(Thread.java:748)Caused by: org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSamlProtocolResponse(SAML2DefaultResponseValidator.java:208) at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validate(SAML2DefaultResponseValidator.java:132) at org.pac4j.saml.sso.impl.SAML2WebSSOMessageReceiver.receiveMessage(SAML2WebSSOMessageReceiver.java:77) at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35) at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:225) at org.pac4j.saml.client.SAML2Client.retrieveCredentials(SAML2Client.java:60) at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:106) at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:55) ... 91 more

What is the problem ?
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

luckyhk.lee@samsung.com (JIRA)

unread,
Dec 18, 2018, 12:52:02 AM12/18/18
to jenkinsc...@googlegroups.com
Hokwang Lee commented on Improvement JENKINS-55232
 
Re: regarding Authentication response is not success message

I added saml-sp-metadata.xml in AD FS encryption tab and Signature tab.

And then I can login.

 

Should I add that file to AD? Is there another way?

 

And in my case, in AD FS claim,

When I use SEC_LOGINID for Outgoing Claim Type of cn LDAP Attribute, I can not login successfully.

When I use Name ID for it, there's no problem.

Can you let me know other specific name for displayname and email ?

kuisathaverat@gmail.com (JIRA)

unread,
Dec 18, 2018, 5:53:01 AM12/18/18
to jenkinsc...@googlegroups.com

The first exception is not related to SAML, it seems something in the K8s plugin

```


org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164) at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81) at jenkins.model.Jenkins.save(Jenkins.java:3242) at hudson.BulkChange.commit(BulkChange.java:98) at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106) at

```

kuisathaverat@gmail.com (JIRA)

unread,
Dec 18, 2018, 5:58:04 AM12/18/18
to jenkinsc...@googlegroups.com
Ivan Fernandez Calvo closed an issue as Not A Defect
 
Change By: Ivan Fernandez Calvo
Status: Open Closed
Resolution: Not A Defect

kuisathaverat@gmail.com (JIRA)

unread,
Dec 18, 2018, 5:58:04 AM12/18/18
to jenkinsc...@googlegroups.com
The first exception is not related to SAML, it seems something in the K8s plugin
``` {code}
org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164) at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81) at jenkins.model.Jenkins.save(Jenkins.java:3242) at hudson.BulkChange.commit(BulkChange.java:98) at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106) at

2018 3:05:48 AM org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLoginWARNING: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:ResponderFor more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settingsIf you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
{code}

kuisathaverat@gmail.com (JIRA)

unread,
Dec 18, 2018, 5:59:01 AM12/18/18
to jenkinsc...@googlegroups.com
The first exception is not related to SAML, it seems something in the K8s plugin

{code}
org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164) at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81) at jenkins.model.Jenkins.save(Jenkins.java:3242) at hudson.BulkChange.commit(BulkChange.java:98) at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106) at
{code}


{code}
2018 3:05:48 AM org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLoginWARNING: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:ResponderFor more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settingsIf you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
{code}

kuisathaverat@gmail.com (JIRA)

unread,
Dec 18, 2018, 6:01:02 AM12/18/18
to jenkinsc...@googlegroups.com
The first exception is not related to SAML, it seems something in the K8s plugin

{code}
org.csanchez.jenkins.plugins.kubernetes.KubernetesClientProvider$SaveableListenerImpl.onChange(KubernetesClientProvider.java:164) at hudson.model.listeners.SaveableListener.fireOnChange(SaveableListener.java:81) at jenkins.model.Jenkins.save(Jenkins.java:3242) at hudson.BulkChange.commit(BulkChange.java:98) at hudson.security.GlobalSecurityConfiguration.doConfigure(GlobalSecurityConfiguration.java:106) at
{code}



{code}
2018 3:05:48 AM org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLoginWARNING: Unable to validate the SAML Response: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:Responder; nested exception is org.pac4j.saml.exceptions.SAMLException: Authentication response is not success ; actual urn:oasis:names:tc:SAML:2.0:status:ResponderFor more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settingsIf you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
{code}

luckyhk.lee@samsung.com (JIRA)

unread,
Dec 18, 2018, 9:35:02 PM12/18/18
to jenkinsc...@googlegroups.com

Sorry and thank you Ivan Fernandez Calvo

I am very beginner about auth, SAML.

Can you reply my comment one more please ?

kuisathaverat@gmail.com (JIRA)

unread,
Dec 19, 2018, 4:21:02 AM12/19/18
to jenkinsc...@googlegroups.com

You need to debug your SAML authentication to see what it is in the SAMLResponse, and why it is not valid, on the Troubleshooting Guide is explained how to do that.

kuisathaverat@gmail.com (JIRA)

unread,
Dec 19, 2018, 4:23:02 AM12/19/18
to jenkinsc...@googlegroups.com
You need to debug your SAML authentication to see what it is in the SAMLResponse, and why it is not valid, on the [Troubleshooting Guide|https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md] is explained how to do that , for anything else ask on the Google user group as it is mentioned at [How to report an issue | https://wiki . jenkins.io/display/JENKINS/How+to+report+an+issue#Howtoreportanissue-WhatinformationtoprovideforEnvironmentandDescription]

dhilipthegreat@gmail.com (JIRA)

unread,
Dec 4, 2019, 2:48:02 AM12/4/19
to jenkinsc...@googlegroups.com

Hey Hokwang Lee ! Have you fixed this issue. Can you please let me know. I have been struck in the same stage. Thanks
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages