You are now logged out of Jenkins, however this has not logged you out of SAML.

    • Type: Bug
    • Resolution: Not A Defect
    • Priority: Major
    • Component/s: saml-plugin
    • None

      Dear,

      I am running a new Jenkins LTS installation for our test environment.

      Jenkins version : Jenkins 2.361.3

      SAML plugin : 2.333.vc81e525974a_c

      After SAML configuration on Jenkins application, I'm getting the following error when performing a "log in".

      I'm getting properly authenticated to the Azure AD Enterprise Application which redirects me to the following Jenkins page:

      "
      You are now logged out of Jenkins, however this has not logged you out of SAML.
      "

      Following the Jenkins troubleshooting page, I've created a Jenkins log recorder that listens on
      org.jenkinsci.plugins.saml (FINEST)
      org.pac4j (FINE)

      The following log events are captured

      Decoded SAML relay state of: https://test-jenkins.eurocontrol.int/securityRealm/finishLogin
      Nov 30, 2022 12:44:46 PM FINE org.pac4j.saml.transport.Pac4jHTTPPostDecoder doDecode
      Decoded SAML message
      Nov 30, 2022 12:44:46 PM SEVERE org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator validateSamlSSOResponse
      Current assertion validation failed, continue with the next one
      org.pac4j.saml.exceptions.SAMLSignatureValidationException: Signature is not trusted
          at org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator.validateSignature(AbstractSAML2ResponseValidator.java:147)
          at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertionSignature(SAML2AuthnResponseValidator.java:616)
          at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:371)
          at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:293)
          at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:140)

      saml-idp-metadata.xml & saml-sp-metadata.xml are properly saved in the home folder of the Jenkins process

      What causes this specific issue? Why is the signature not trusted?

            Assignee:
            Ivan Fernandez Calvo
            Reporter:
            Jens
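
A diagnostic check for the "Signature is not trusted" error in the log above, added here as an example (it is not part of the original report and is not Jenkins or pac4j code). pac4j validates the assertion signature against the signing certificates in the IdP metadata, so the script compares the certificate embedded in a captured SAMLResponse with those in saml-idp-metadata.xml. All function names are hypothetical, and the sample data is constructed from placeholder bytes rather than real certificates.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_cert):
    """SHA-256 of the DER bytes; base64 in XML is often line-wrapped."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def metadata_signing_fps(metadata_xml):
    """Certificates the IdP metadata declares for signing.
    A KeyDescriptor with no 'use' attribute covers signing and encryption."""
    root = ET.fromstring(metadata_xml)
    return {fingerprint(c.text)
            for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS)
            if kd.get("use", "signing") == "signing"
            for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text}

def response_cert_fps(saml_response_b64):
    """Certificates embedded in ds:Signature of a base64 POST-binding SAMLResponse."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return {fingerprint(c.text)
            for c in root.iterfind(".//ds:Signature//ds:X509Certificate", NS) if c.text}

def check(metadata_xml, saml_response_b64):
    trusted = metadata_signing_fps(metadata_xml)
    seen = response_cert_fps(saml_response_b64)
    if not seen:
        return "no-embedded-cert"  # KeyInfo is optional; nothing to compare
    return "match" if seen <= trusted else "mismatch"

# --- constructed sample data: placeholder bytes, not real certificates ---
def b64(raw):
    return base64.b64encode(raw).decode()

CERT_OLD, CERT_NEW = b64(b"constructed-cert-old"), b64(b"constructed-cert-new")
KEYINFO = ('<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>'
           '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>')
METADATA = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">'
            '<md:IDPSSODescriptor><md:KeyDescriptor use="signing">' + KEYINFO % CERT_OLD +
            '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>')

def sample_response(cert):
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
           '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' +
           KEYINFO % cert + '</ds:Signature></samlp:Response>')
    return b64(xml.encode())

if __name__ == "__main__":
    print(check(METADATA, sample_response(CERT_OLD)), check(METADATA, sample_response(CERT_NEW)))
```

A "mismatch" result means the certificate the IdP signed with is not among those in the saved metadata file; a "match" only shows the certificates agree and does not itself verify the signature.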