-
Type:
Bug
-
Resolution: Not A Defect
-
Priority:
Minor
-
Component/s: saml-plugin
-
None
-
Environment:Jenkins 1.656
SAML Plugin 0.5
I'm trying to extract group info from the SAML2 response and map it to Jenkins' "Matrix-based security". Is this possible? I've also tried using the Role-based strategy from the docs with no luck as well.
One question is what should the "Group Attribute" value be in the SAML settings given the below response? I've tried the default (http://schemas.xmlsoap.org/claims/Group), as well as the attribute name (app.groups), and a few other variations. The group info from the SAML2 response from Okta is as follows:
{{
<saml2p:Response>
...
<saml2:Assertion>
...
<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<saml2:Attribute Name="app.groups"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
>
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>MobileCI Admin</saml2:AttributeValue>
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>MobileCI</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
}}
Any info would be appreciated.
Thanks!
