Status: Closed (View Workflow)
Resolution: Not A Defect
We are using AWS SSO to login to jenkins through SAML2.0 plugin. As a part of security, we are trying to add groups in project based access. The requirement is :
AWS SSO is not synced with Jenkins group attribute (SAML 2.0). Every applications who will be using jenkins will have individual groups and they can only access particular project is we add the groups under project based matrix.
However, we are observing that groups are not getting added and also adding group, how individual project based can be accessed,
Ivan Fernandez Calvo made changes -
|Field||Original Value||New Value|
|Resolution||Not A Defect [ 7 ]|
|Status||Open [ 1 ]||Closed [ 6 ]|
SAML protocol does not sync any groups between Service Providers(SP), the Identity Provider(IdP) sends the authorization groups in the SAML response when the authentication success. The SAML plugin matches those groups with the existing groups on Jenkins, so you have to create and configure the groups that you want to match in Jenkins using the exact same group ID it is in the groups attribute in the SAML Response.
The group attribute can change between IdP vendors check the configuration settings to set the proper attribute your IdP send in the SAML Response.