Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-65093

Getting "java.lang.String cannot be cast to java.util.List" after upgrading to saml-plugin 2.0.0

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Component/s: saml-plugin
    • Labels:
    • Environment:
      OS: Amazon Linux release 2 (Karoo)
      Jenkins version: 2.282
      saml-plugin version: 2.0.0
    • Similar Issues:
    • Released As:
      saml-2.0.3

      Description

      After upgrading to 2.0.0, when users are redirected back to `/securityRealm/finishLogin ` the following exception is thrown:

      WARNING o.e.j.s.h.ContextHandler$Context#log: Error while serving http://jenkins.domain/securityRealm/finishLogin 
      java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List 
              at org.jenkinsci.plugins.saml.SamlSecurityRealm.modifyUserFullName(SamlSecurityRealm.java:453) 
              at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:335) 
              at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) 
              at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) 
      Caused: java.lang.reflect.InvocationTargetException 
      

      However if you continue into Jenkins, the user is authenticated and can browse freely. It will happen every time a user needs to be re-authenticated.

       

       

        Attachments

          Issue Links

            Activity

            Hide
            andreya_kostov Andreya Kostov added a comment -

            We've hit the same issue after upgrading to 2.0.0. It looks like the issue is that the plugin interprets the configured display name attribute as multi-value. The same is true for the email attribute. However, in the returned SAML assertion, these attributes are single-value. In my case, the offending attribute was "email" - the IDP does not return a display name attribute. Removing the email attribute mapping (although there's a tooltip that it's recommended to set it) solves the error.

            Show
            andreya_kostov Andreya Kostov added a comment - We've hit the same issue after upgrading to 2.0.0. It looks like the issue is that the plugin interprets the configured display name attribute as multi-value . The same is true for the email attribute . However, in the returned SAML assertion, these attributes are single-value. In my case, the offending attribute was "email" - the IDP does not return a display name attribute. Removing the email attribute mapping (although there's a tooltip that it's recommended to set it) solves the error.
            Hide
            drewrogers Drew added a comment - - edited

            We upgraded to 2.0.2, and are still getting the exception:

            2021-03-15 08:17:27.000+0000 [id=14]    WARNING o.e.j.s.h.ContextHandler$Context#log: Error while serving http://jenkins.ourdomain.io/securityRealm/finishLogin
            java.lang.ClassCastException: java.lang.String cannot be cast to java.util.List
                    at org.jenkinsci.plugins.saml.SamlSecurityRealm.modifyUserFullName(SamlSecurityRealm.java:457)
                    at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:336)
                    at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
                    at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
            Caused: java.lang.reflect.InvocationTargetException
            
            

            Note these exceptions popped up after we upgraded to saml-plugin 2.0.0

            Show
            drewrogers Drew added a comment - - edited We upgraded to 2.0.2, and are still getting the exception: 2021-03-15 08:17:27.000+0000 [id=14] WARNING o.e.j.s.h.ContextHandler$Context#log: Error while serving http: //jenkins.ourdomain.io/securityRealm/finishLogin java.lang.ClassCastException: java.lang. String cannot be cast to java.util.List at org.jenkinsci.plugins.saml.SamlSecurityRealm.modifyUserFullName(SamlSecurityRealm.java:457) at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:336) at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627) at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396) Caused: java.lang.reflect.InvocationTargetException Note these exceptions popped up after we upgraded to saml-plugin 2.0.0
            Hide
            drewrogers Drew added a comment -

            Ivan Fernandez Calvo is there a PR linked to this?

            Show
            drewrogers Drew added a comment - Ivan Fernandez Calvo is there a PR linked to this?
            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited

            I just made it https://github.com/jenkinsci/saml-plugin/pull/96, there is an incremental version generated from the PR https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/saml/2.0.3-rc229.ff6a67618aae/saml-2.0.3-rc229.ff6a67618aae.hpi Could you confirm me that it fixes the issue?

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited I just made it https://github.com/jenkinsci/saml-plugin/pull/96 , there is an incremental version generated from the PR https://repo.jenkins-ci.org/incrementals/org/jenkins-ci/plugins/saml/2.0.3-rc229.ff6a67618aae/saml-2.0.3-rc229.ff6a67618aae.hpi Could you confirm me that it fixes the issue?
            Hide
            drewrogers Drew added a comment -

            We will wait for 2.0.3 to officially released to upgrade the plugin, then I'll let you know if it fixes the issue. Thanks!

            Show
            drewrogers Drew added a comment - We will wait for 2.0.3 to officially released to upgrade the plugin, then I'll let you know if it fixes the issue. Thanks!
            Hide
            drewrogers Drew added a comment -

            Ivan Fernandez Calvo are you waiting on us to verify if this works using the RC 2.0.3 version?

            Show
            drewrogers Drew added a comment - Ivan Fernandez Calvo are you waiting on us to verify if this works using the RC 2.0.3 version?
            Hide
            ifernandezcalvo Ivan Fernandez Calvo added a comment -

            no really, I was waiting to find the time to release, it uses to be on weekends. I just released 2.0.3

            Show
            ifernandezcalvo Ivan Fernandez Calvo added a comment - no really, I was waiting to find the time to release, it uses to be on weekends. I just released 2.0.3
            Hide
            drewrogers Drew added a comment -

            Issue fixed, thanks!

            Show
            drewrogers Drew added a comment - Issue fixed, thanks!

              People

              Assignee:
              ifernandezcalvo Ivan Fernandez Calvo
              Reporter:
              drewrogers Drew
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: