Group retrieval via URL not working


      We are using the SAML plugin to enable SSO with Active Directory:

      securityRealm:
          saml:
            advancedConfiguration:
              forceAuthn: true
              spEntityId: "spn:<app-id>"
            binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
            emailAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
            groupsAttributeName: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
            idpMetadataConfiguration:
              period: 1440
              url: "https://login.microsoftonline.com/<not-sure-if-this-needs-to-be-secret>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>"
            maximumAuthenticationLifetime: 86400
            usernameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
            usernameCaseConversion: "lowercase"
      

      We have a user that is part of many AD groups such that the SAML token upon authentication contains a URL to further retrieve the user's group list:

      <Attribute Name="http://schemas.microsoft.com/claims/groups.link"><AttributeValue>https://graph.windows.net/<not-sure-if-this-needs-to-be-secret>/users/<id>/getMemberObjects</AttributeValue></Attribute>
      

      But the plugin does not appear to properly retrieve the groups from the linked URL. Is this a bug, or am I missing something in the plugin configuration?

            Assignee:
            Ivan Fernandez Calvo
            Reporter:
            Camden Mamigonian
            Archiver:
            Jenkins Service Account

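Added example, not part of the original report and not code from the SAML plugin: a Python check that reads the attribute statement of an assertion and reports whether group membership arrived inline in the groups attribute or only as the `groups.link` URL quoted in the report. The sample assertions are constructed, the tenant and user ids are placeholders, and the function names are hypothetical; a real assertion would be signature-validated before being parsed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Both attribute names are taken from the issue text.
GROUPS_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK_ATTR = "http://schemas.microsoft.com/claims/groups.link"


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from a SAML AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def classify_groups(assertion_xml):
    """Classify how group membership arrived: inline, link, or missing."""
    attrs = read_attributes(assertion_xml)
    groups = [g for g in attrs.get(GROUPS_ATTR, []) if g]
    links = [u for u in attrs.get(GROUPS_LINK_ATTR, []) if u]
    if groups:
        return {"state": "inline", "groups": groups, "link": None}
    if links:
        # Membership was not sent inline; a consumer that reads only
        # GROUPS_ATTR sees an empty group list for this user.
        return {"state": "link", "groups": [], "link": links[0]}
    return {"state": "missing", "groups": [], "link": None}


def _assertion(name, values):  # builds constructed sample input
    vals = "".join(f"<AttributeValue>{v}</AttributeValue>" for v in values)
    return (f'<Assertion xmlns="{SAML_NS["saml"]}"><AttributeStatement>'
            f'<Attribute Name="{name}">{vals}</Attribute>'
            "</AttributeStatement></Assertion>")


# Constructed samples; tenant and user ids are placeholders.
INLINE = _assertion(GROUPS_ATTR, ["group-a", "group-b"])
LINKED = _assertion(GROUPS_LINK_ATTR, [
    "https://graph.windows.net/TENANT-PLACEHOLDER/users/USER-ID-PLACEHOLDER/getMemberObjects"])

if __name__ == "__main__":
    for label, xml_doc in (("inline", INLINE), ("linked", LINKED)):
        print(label, classify_groups(xml_doc))
```

Logging the `link` state at sign-in makes it visible when a user's group-based permissions are empty because the groups were never in the assertion.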