SAML plugin with SSO

[Prasu S]

Hi ,

We are planning to implement MFA(multi factor authentication) for Jenkins 2.138 . I installed SAML plugin 1.0.7 and configured it with IDP metadata provided by service provider.Display Name attribute and group attribute are auto filled by Jenkins as below  . After restarting Jenkins , it goes through all the MFA steps like entering username /password/OTP(PIN) and after successful verification of all the login information , it goes back to SSO login screen instead of Jenkins application . We are using project -based Matrix Authorization Strategy which is tied with Network username and password(ENT).  Any idea why we are not able to connect to the Jenkins application ? Thanks in advance.

[Prasu S]

Can someone please help with this issue?

On Monday, September 24, 2018 at 2:07:12 PM UTC-4, Prasu S wrote:

Hi ,

We are planning to implement MFA(multi factor authentication) for Jenkins 2.138 . I installed SAML plugin 1.0.7 and configured it with IDP metadata provided by service provider.Display Name attribute and group attribute are auto filled by Jenkins as below  . After restarting Jenkins , it goes through all the MFA steps like entering username /password/OTP(PIN) and after successful verification of all the login information , it goes back to SSO login screen instead of Jenkins application . We are using project -based Matrix Authorization Strategy which is tied with Network username and password(ENT).  Any idea why we are not able to connect to the Jenkins application ? Thanks in advance.

Display Name attribute is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Group Attribute is http://schemas.xmlsoap.org/claims/Group

[Prasu S]

On Monday, September 24, 2018 at 2:07:12 PM UTC-4, Prasu S wrote:

> Hi ,
>
>
> We are planning to implement MFA(multi factor authentication) for Jenkins 2.138 . I installed SAML plugin 1.0.7 and configured it with IDP metadata provided by service provider.Display Name attribute and group attribute are auto filled by Jenkins as below  . After restarting Jenkins , it goes through all the MFA steps like entering username /password/OTP(PIN) and after successful verification of all the login information , it goes back to SSO login screen instead of Jenkins application . We are using project -based Matrix Authorization Strategy which is tied with active directory(AD).  Any idea why we are not able to connect to the Jenkins application ? Thanks in advance.

[Slide]

Multi-posting probably will not help you get help on your issue. People on the list have seen it, it may take some time to get a response.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/e40685a6-8812-4a5c-9886-868777cfa49f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ivan Fernandez Calvo]

Hi,

Did you read the documentation at https://github.com/jenkinsci/saml-plugin/tree/master/doc? you should take a look at the troubleshooting guide. The probable cause, it is that you do not set the proper group and display name for your IdP, Jenkins do not know anything about your IdP and different IdP use to use different attributes. If you increase the verbosity of the logs (see the troubleshooting guide) you could see the attributes in the message and you can set the proper values, also you can ask to your IdP for those attributes.