Status: Closed (View Workflow)
Resolution: Cannot Reproduce
AWS EC2 instance running Amazon Linux 2
docker container jenkins/jenkins:lts (V2.235.3)
saml plugin V1.1.6
JCASC plugin V1.42
java.runtime.name OpenJDK Runtime Environment
Browser: Google Chrome 84.0.4147.105
Once you configure the "Logout URL" field in the SAML plugin and hit the "Logout" button in the Jenkins UI, logout fails with a message:
I believe this is due to the , now enforced, CSRF protection
When I disable the SAML plugin and log on with a local Jenkins user, the logout functionality works as expected.
As a workaround, I have tried to :
- Enable/disable the "proxy compatibility" checkbox for the Default Crumb Issuer
- Add a reverse proxy (Nginx) to my setup in order to redirect the browser to the Identity Provider for Single Log Out
The problem with this is that we bypass Jenkins' standard logout and I can't figure out how to reset the Jenkins session
- Install and configure the Strict Crumb Issuer Plugin which provides more options to customize the crumb validation
None of the above worked for me.
The only thing that did work was to disable the CSRF protection completely. However, this is not a viable workaround for my production Jenkins instance.
Other issues seem to suggest that this issue is to be resolved by the plugin used.