[JENKINS-66828] SAML settings wiped out on config load when using Configuration as Code plugin

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: configuration-as-code-plugin, saml-plugin
Labels:
None
Environment:
Jenkins version: 2.303.2
Plugin versions: saml:2.0.8, configuration-as-code:1.54
OS: Ubuntu 20.04.3 LTS

Similar Issues:
Powered by SuggestiMate

Show
Released As:
saml-2.1.0

After configuring SAML settings and saving changes to my jcasc yaml file, the settings are wiped out and the following error is displayed when viewing the casc config via the GUI:

samlCustomProperty:
 attributes: |-
 FAILED TO EXPORT
 org.jenkinsci.plugins.saml.user.SamlCustomProperty#attributes: No configurator found for type class org.jenkinsci.plugins.saml.user.SamlCustomProperty$Attribute

config file for SAML in casc yaml looks like this:

securityRealm:
 saml:
 binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 displayNameAttributeName: "displayName"
 emailAttributeName: "Email"
 groupsAttributeName: "group"
 idpMetadataConfiguration:
 period: 0
 url: "https://xxxxxxxxx.okta.com/app/xxxxxxxxxxxxx/sso/saml/metadata"
 logoutUrl: "https://xxxxxxxxxx.okta.com"
 maximumAuthenticationLifetime: 31536000
 usernameCaseConversion: "none"

Ivan Fernandez Calvo added a comment - 2021-10-08 07:53 - edited

I try to understand all the steps you are following to replicate the error Are these the steps you do?

Start a Jenkins instance and install the SAML plugin
Configure the SAML plugin manually
Check that the configuration is valid and the Authentication works
Go to JCasC on the manage Jenkins and export the configuration (<--I guess your error is here)
Stop Jenkins
Copy the JCasC file to the Jenkins Home folder
Start Jenkins

In which of these steps do you see the error?

timja Any idea what this could be?

Ivan Fernandez Calvo added a comment - 2021-10-08 07:53 - edited I try to understand all the steps you are following to replicate the error Are these the steps you do? Start a Jenkins instance and install the SAML plugin Configure the SAML plugin manually Check that the configuration is valid and the Authentication works Go to JCasC on the manage Jenkins and export the configuration (<--I guess your error is here) Stop Jenkins Copy the JCasC file to the Jenkins Home folder Start Jenkins In which of these steps do you see the error? timja Any idea what this could be?

Tim Jacomb added a comment - 2021-10-08 14:32

Attribute is not a describe-able https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/user/SamlCustomProperty.java#L45

Tim Jacomb added a comment - 2021-10-08 14:32 Attribute is not a describe-able https://github.com/jenkinsci/saml-plugin/blob/master/src/main/java/org/jenkinsci/plugins/saml/user/SamlCustomProperty.java#L45

Gabe Carnell added a comment - 2021-10-08 15:30

ifernandezcalvo, the error occurs after I reload the JCasC config by restarting Jenkins. After the server comes back up SAML is no longer configured in the Configure Global Security screen, and when I view the JCasC config I see the "No configurator found" error message.

Gabe Carnell added a comment - 2021-10-08 15:30 ifernandezcalvo , the error occurs after I reload the JCasC config by restarting Jenkins. After the server comes back up SAML is no longer configured in the Configure Global Security screen, and when I view the JCasC config I see the "No configurator found" error message.

Ivan Fernandez Calvo added a comment - 2021-11-13 12:52

I am trying to replicate it locally but I cannot on Jenkins core 2.277 and the SAML plugin from sources, I will try with Jenkins core 2.303.2, what it is weir for me it is that fails on the class "org.jenkinsci.plugins.saml.user.SamlCustomProperty", this class is used to save a custom property in the user, it is not used on the configuration classes so I dunno why it is used in the JCasC load it should not.

jenkins:
  securityRealm:
    saml:
      binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      displayNameAttributeName: "displayName"
      emailAttributeName: "mail"
      encryptionData:
        forceSignRedirectBindingAuthnRequest: false
        wantsAssertionsSigned: false
      groupsAttributeName: "groups"
      idpMetadataConfiguration:
        period: 0
        url: "http://127.0.0.1:58080/simplesaml/saml2/idp/metadata.php"
      maximumAuthenticationLifetime: 86400
      usernameAttributeName: "uid"
      usernameCaseConversion: "none"

Ivan Fernandez Calvo added a comment - 2021-11-13 12:52 I am trying to replicate it locally but I cannot on Jenkins core 2.277 and the SAML plugin from sources, I will try with Jenkins core 2.303.2, what it is weir for me it is that fails on the class "org.jenkinsci.plugins.saml.user.SamlCustomProperty", this class is used to save a custom property in the user, it is not used on the configuration classes so I dunno why it is used in the JCasC load it should not. jenkins: securityRealm: saml: binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" displayNameAttributeName: "displayName" emailAttributeName: "mail" encryptionData: forceSignRedirectBindingAuthnRequest: false wantsAssertionsSigned: false groupsAttributeName: "groups" idpMetadataConfiguration: period: 0 url: "http: //127.0.0.1:58080/simplesaml/saml2/idp/metadata.php" maximumAuthenticationLifetime: 86400 usernameAttributeName: "uid" usernameCaseConversion: "none"

Ivan Fernandez Calvo added a comment - 2021-11-13 13:43

I cannot replicate it, in my test environment the JCasC works as expected https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-66828 due to the class that fails in your environment is a User property that does not have anything to do with the SAML configuration classes I'd recomment to remove all users folders at JENKISN_HOME/users/* and try again.

Ivan Fernandez Calvo added a comment - 2021-11-13 13:43 I cannot replicate it, in my test environment the JCasC works as expected https://github.com/kuisathaverat/jenkins-issues/tree/master/JENKINS-66828 due to the class that fails in your environment is a User property that does not have anything to do with the SAML configuration classes I'd recomment to remove all users folders at JENKISN_HOME/users/* and try again.

Assignee:: Ivan Fernandez Calvo

Reporter:: Gabe Carnell

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2021-10-07 22:10

Updated:: 2022-01-21 10:49

Resolved:: 2022-01-21 10:49

Details

Description

Attachments

Activity

Collapse comment: Ivan Fernandez Calvo added a comment - 2021-10-08 07:53, Edited by Ivan Fernandez Calvo - 2021-10-08 07:56

Expand comment: Ivan Fernandez Calvo added a comment - 2021-10-08 07:53, Edited by Ivan Fernandez Calvo - 2021-10-08 07:56

Collapse comment: Tim Jacomb added a comment - 2021-10-08 14:32

Expand comment: Tim Jacomb added a comment - 2021-10-08 14:32

Collapse comment: Gabe Carnell added a comment - 2021-10-08 15:30

Expand comment: Gabe Carnell added a comment - 2021-10-08 15:30

Collapse comment: Ivan Fernandez Calvo added a comment - 2021-11-13 12:52

Expand comment: Ivan Fernandez Calvo added a comment - 2021-11-13 12:52

Collapse comment: Ivan Fernandez Calvo added a comment - 2021-11-13 13:43

Expand comment: Ivan Fernandez Calvo added a comment - 2021-11-13 13:43

People

Dates