Jenkins / JENKINS-42127

SAML plugin crashes with Maximum Authentication Lifetime set to greater than 24 days


    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • Component: saml-plugin
    • Environment:
      OS: Red Hat Linux 7.3
      Jenkins: 2.32.2
      SAML Plugin: 0.13

      After authenticating to our IDP, instead of logging in, we receive a SamlException: No Valid subject assertion found in response in our browser, when the Maximum Authentication Lifetime is set to anything greater than 24 days (2073600 seconds).

      As soon as I set this to 24 days or smaller, then Jenkins does not crash and everything works fine, until our users experience the crash because the MAL has exceeded our IDP session timeout.

      Our IDP session timeout is 30 days.

      The SAML Plugin documentation says to set the Maximum Authentication Lifetime to greater than your IDP session timeout. We try and set it to 31 days or 2678400 seconds but that fails and we get an 'angry Jenkins face' and the output in the jenkins-saml-stack-trace-browser-message file.

            ifernandezcalvo Ivan Fernandez Calvo
            wdascsteinke Chris Steinke