-
Bug
-
Resolution: Not A Defect
-
Minor
-
Jenkins: 2.32.1
SAML plugin: 0.12
Hi,
we wanted to use SAML plugin and connect it to our IDP provider "pingone". After putting in the Metadata and the URI's on Jenkins side and the URLS on the IDP side, I was able to access / login Jenkins from IDP's portal site. However I am not able to login into Jenkins via its URL.
The reason is probably that SAML plugin does not send the IDPID to the when communicating with IDP.
For example SAML sends this URL to PingOne:
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?SAMLRequest=pVLBbtswDLsZZ%2BtcM7xPI212Q4sNXsIhfayiu4dtDLP4B&RelayState=https%3A%2F%2Fdm-jenkins.dmglobal.com%2Fjenkins%2FsecurityRealm%2FfinishLogin
Other applications using the same IDP sends this URL:
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=f8de2c8f-1e77-4698-a952-0b9feec61626&SAMLRequest=hZLNbts%2FX7X5Aw%3D%3D&RelayState=ss%3Amem%3Ad2e334c7131a9ee3f33eb5a41f1218b89c8e91805ba76597463c935195faf23c
Can you fix this issue, so that the IDPID is sent?
Let me attach a slightly modified Metadata file to this ticket.
Any help would be appreciated.
Kind regards
Tom
[JENKINS-41013] IDPID not send to IDP
Could you check that you used "https://dm-jenkins.dmglobal.com/jenkins/securityRealm/finishLogin" as URL of the Service provider on PingOne?
| Resolution | New: Not A Defect [ 7 ] | |
| Status | Original: Open [ 1 ] | New: Resolved [ 5 ] |
idpid it is not an attribute of SAML 2.0 it is used only by pingone and reviewing the documentation, it is generated by him self
I am going to check if it is possible to generate attributes automatically from metadata, but may be the metadata required modifications like it is described here https://docs.pivotal.io/p-identity/1-1/pingone/config-sso.html
https://docs.pingidentity.com/bundle/p1_attributesReference_cas/page/attributesRef.html