JENKINS-66722

Using SAML plugin 1.1.6

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • saml-plugin
    • None
    • Jenkins 2.289.3, Windows Server 2019

    Description

      So, been using the SAML plugin for some time and all was good. Have not upgraded to latest version as of yet. When our instance of Jenkins was hit it would automatically re-direct to our IdP for authentication and upon success the user would be logged in to Jenkins. But, yesterday, something changed and we no longer get the initial re-direct. Now you get to the Jenkins landing page and the user is NOT logged on and must hit the logon button. For us, this is a huge security vuln and we need to figure out what happened.

      As far as we know we did not make any changes to the SAML config and compared the settings to a backup. We turned on the FINEST logging and do not see any errors but also we do not see any re-direct upon the first hit.

      Any thoughts?

        Activity

          charbl2007 Larry Charbonneau created issue -

          charbl2007 Larry Charbonneau added a comment - Found our issue ... someone had granted Anonymous user permissions
          charbl2007 Larry Charbonneau made changes -
          Field Original Value New Value
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Closed [ 6 ]
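
An added example, not part of the original issue or the SAML plugin's code: a check for the root cause reported above, run over Jenkins' `config.xml`. It assumes the on-disk format of the built-in and matrix-based authorization strategies (the issue does not say which strategy was in use); the function name and the sample config are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of $JENKINS_HOME/config.xml (not taken from the issue).
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:admins</permission>
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>USER:hudson.model.Item.Read:anonymous</permission>
    <permission>GROUP:hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
</hudson>
"""


def anonymous_grants(config_xml):
    """Return sorted findings that give unauthenticated users access (hypothetical helper)."""
    # Jenkins writes an XML 1.1 declaration, which some parsers reject; drop it.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml)
    root = ET.fromstring(body)
    findings = []
    if (root.findtext("useSecurity") or "").strip() != "true":
        findings.append("security is disabled")
    strategy = root.find("authorizationStrategy")
    if strategy is None:
        return findings
    if strategy.get("class", "").endswith("AuthorizationStrategy$Unsecured"):
        findings.append("anyone can do anything")
    # "Logged-in users can do anything" keeps anonymous read access in this flag.
    if (strategy.findtext("denyAnonymousReadAccess") or "").strip() == "false":
        findings.append("anonymous read access allowed")
    for perm in strategy.iter("permission"):
        parts = (perm.text or "").strip().split(":")
        # Older entries are "permission:sid"; newer ones are "TYPE:permission:sid".
        if len(parts) == 3:
            parts = parts[1:]
        if len(parts) == 2 and parts[1] == "anonymous":
            findings.append("anonymous granted " + parts[0])
    return sorted(findings)


if __name__ == "__main__":
    for finding in anonymous_grants(SAMPLE_CONFIG):
        print(finding)
```

Running the same check against a known-good backup of `config.xml` and the live file shows whether an anonymous grant was introduced between the two.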

          People

            ifernandezcalvo Ivan Fernandez Calvo
            charbl2007 Larry Charbonneau
            Votes: 0
            Watchers: 1
