Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-66828

SAML settings wiped out on config load when using Configuration as Code plugin

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • configuration-as-code-plugin, saml-plugin
    • None
    • Jenkins version: 2.303.2
      Plugin versions: saml:2.0.8, configuration-as-code:1.54
      OS: Ubuntu 20.04.3 LTS
    • saml-2.1.0

    Description

      After configuring SAML settings and saving changes to my jcasc yaml file, the settings are wiped out and the following error is displayed when viewing the casc config via the GUI:

      samlCustomProperty:
 attributes: |-
 FAILED TO EXPORT
 org.jenkinsci.plugins.saml.user.SamlCustomProperty#attributes: No configurator found for type class org.jenkinsci.plugins.saml.user.SamlCustomProperty$Attribute

       

      config file for SAML in casc yaml looks like this:

      securityRealm:
 saml:
 binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 displayNameAttributeName: "displayName"
 emailAttributeName: "Email"
 groupsAttributeName: "group"
 idpMetadataConfiguration:
 period: 0
 url: "https://xxxxxxxxx.okta.com/app/xxxxxxxxxxxxx/sso/saml/metadata"
 logoutUrl: "https://xxxxxxxxxx.okta.com"
 maximumAuthenticationLifetime: 31536000
 usernameCaseConversion: "none"

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited

          I try to understand all the steps you are following to replicate the error Are these the steps you do?

          • Start a Jenkins instance and install the SAML plugin
          • Configure the SAML plugin manually
          • Check that the configuration is valid and the Authentication works
          • Go to JCasC on the manage Jenkins and export the configuration (<--I guess your error is here)
          • Stop Jenkins
          • Copy the JCasC file to the Jenkins Home folder
          • Start Jenkins

          In which of these steps do you see the error?

          timja Any idea what this could be?

          ifernandezcalvo Ivan Fernandez Calvo added a comment - - edited I try to understand all the steps you are following to replicate the error Are these the steps you do? Start a Jenkins instance and install the SAML plugin Configure the SAML plugin manually Check that the configuration is valid and the Authentication works Go to JCasC on the manage Jenkins and export the configuration (<--I guess your error is here) Stop Jenkins Copy the JCasC file to the Jenkins Home folder Start Jenkins In which of these steps do you see the error? timja Any idea what this could be?
          timja Tim Jacomb added a comment -

          Attribute is not a describe-able https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/user/SamlCustomProperty.java#L45

          timja Tim Jacomb added a comment - Attribute is not a describe-able https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/user/SamlCustomProperty.java#L45
          gcarnell Gabe Carnell added a comment -

          ifernandezcalvo, the error occurs after I reload the JCasC config by restarting Jenkins. After the server comes back up SAML is no longer configured in the Configure Global Security screen, and when I view the JCasC config I see the "No configurator found" error message.

          gcarnell Gabe Carnell added a comment - ifernandezcalvo , the error occurs after I reload the JCasC config by restarting Jenkins. After the server comes back up SAML is no longer configured in the Configure Global Security screen, and when I view the JCasC config I see the "No configurator found" error message.
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          I am trying to replicate it locally but I cannot on Jenkins core 2.277 and the SAML plugin from sources, I will try with Jenkins core 2.303.2, what it is weir for me it is that fails on the class "org.jenkinsci.plugins.saml.user.SamlCustomProperty", this class is used to save a custom property in the user, it is not used on the configuration classes so I dunno why it is used in the JCasC load it should not.

          jenkins:
  securityRealm:
    saml:
      binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      displayNameAttributeName: "displayName"
      emailAttributeName: "mail"
      encryptionData:
        forceSignRedirectBindingAuthnRequest: false
        wantsAssertionsSigned: false
      groupsAttributeName: "groups"
      idpMetadataConfiguration:
        period: 0
        url: "http://127.0.0.1:58080/simplesaml/saml2/idp/metadata.php"
      maximumAuthenticationLifetime: 86400
      usernameAttributeName: "uid"
      usernameCaseConversion: "none"
          ifernandezcalvo Ivan Fernandez Calvo added a comment - I am trying to replicate it locally but I cannot on Jenkins core 2.277 and the SAML plugin from sources, I will try with Jenkins core 2.303.2, what it is weir for me it is that fails on the class "org.jenkinsci.plugins.saml.user.SamlCustomProperty", this class is used to save a custom property in the user, it is not used on the configuration classes so I dunno why it is used in the JCasC load it should not. jenkins: securityRealm: saml: binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" displayNameAttributeName: "displayName" emailAttributeName: "mail" encryptionData: forceSignRedirectBindingAuthnRequest: false wantsAssertionsSigned: false groupsAttributeName: "groups" idpMetadataConfiguration: period: 0 url: "http: //127.0.0.1:58080/simplesaml/saml2/idp/metadata.php" maximumAuthenticationLifetime: 86400 usernameAttributeName: "uid" usernameCaseConversion: "none"
          ifernandezcalvo Ivan Fernandez Calvo added a comment -

          I cannot replicate it, in my test environment the JCasC works as expected https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-66828 due to the class that fails in your environment is a User property that does not have anything to do with the SAML configuration classes I'd recomment to remove all users folders at JENKISN_HOME/users/* and try again.

          ifernandezcalvo Ivan Fernandez Calvo added a comment - I cannot replicate it, in my test environment the JCasC works as expected https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-66828 due to the class that fails in your environment is a User property that does not have anything to do with the SAML configuration classes I'd recomment to remove all users folders at JENKISN_HOME/users/* and try again.

          People

            ifernandezcalvo Ivan Fernandez Calvo
            gcarnell Gabe Carnell
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: