- Bug
- Resolution: Not A Defect
- Minor
Jenkins: 2.32.1
SAML plugin: 0.12
Hi,
we wanted to use the SAML plugin and connect it to our IDP provider "pingone". After putting in the Metadata and the URIs on the Jenkins side and the URLs on the IDP side, I was able to access / log in to Jenkins from the IDP's portal site. However, I am not able to log in to Jenkins via its URL.
The reason is probably that the SAML plugin does not send the IDPID when communicating with the IDP.
For example, SAML sends this URL to PingOne:
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?SAMLRequest=pVLBbtswDLsZZ%2BtcM7xPI212Q4sNXsIhfayiu4dtDLP4B&RelayState=https%3A%2F%2Fdm-jenkins.dmglobal.com%2Fjenkins%2FsecurityRealm%2FfinishLogin
Other applications using the same IDP send this URL:
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=f8de2c8f-1e77-4698-a952-0b9feec61626&SAMLRequest=hZLNbts%2FX7X5Aw%3D%3D&RelayState=ss%3Amem%3Ad2e334c7131a9ee3f33eb5a41f1218b89c8e91805ba76597463c935195faf23c
Can you fix this issue, so that the IDPID is sent?
Let me attach a slightly modified Metadata file to this ticket.
Any help would be appreciated.
Kind regards
Tom