- Type: Bug
- Resolution: Fixed
- Priority: Blocker
- Component/s: saml-plugin
- Environment: saml 4.568.v78a_9a_db_8dc9b_, Jenkins Weekly 2.519
After upgrading to the latest SAML version, I get redirected to the SAML provider and back to Jenkins multiple times per second in an endless loop.
The Jenkins log reports no errors, but shows that the SAML data has been updated (multiple times per second).
Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature canonicalization algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
Signature reference digest methods: http://www.w3.org/2001/04/xmlenc#sha256
2025-07-22 09:07:32.482+0000 [id=31] INFO o.o.c.c.InitializationService#initialize: Initializing OpenSAML using the Java Services API
2025-07-22 09:07:32.592+0000 [id=31] INFO o.p.s.config.SAML2Configuration#setCallbackUrl: Using service provider entity ID https://myjenkins.mycompany-rnd.com/securityRealm/finishLogin
2025-07-22 09:07:32.593+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Blacklisted Algorithms
2025-07-22 09:07:32.593+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Signature Algorithms
2025-07-22 09:07:32.593+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Signature Reference Digest Methods
2025-07-22 09:07:32.593+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Canonicalization Algorithm
2025-07-22 09:07:32.608+0000 [id=31] INFO o.p.s.m.SAML2FileSystemMetadataGenerator#storeMetadata: Writing metadata to C:\Jenkins\saml-sp-metadata.xml
2025-07-22 09:07:32.617+0000 [id=31] INFO o.o.s.m.r.i.AbstractReloadingMetadataResolver#processNonExpiredMetadata: FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: New metadata successfully loaded for 'C:\Jenkins\saml-sp-metadata.xml'
2025-07-22 09:07:32.618+0000 [id=31] INFO o.o.s.m.r.i.AbstractReloadingMetadataResolver#refresh: FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Next refresh cycle for metadata provider 'C:\Jenkins\saml-sp-metadata.xml' will occur on '2025-07-22T12:07:32.614036800Z' ('2025-07-22T14:07:32.614036800+02:00[Europe/Berlin]' local time)
2025-07-22 09:07:32.744+0000 [id=31] INFO o.p.s.c.SAML2AuthenticationCredentials#<init>: Constructed SAML2 credentials: SAML2AuthenticationCredentials(nameId=SAML2AuthenticationCredentials.SAMLNameID(format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, nameQualifier=null, spNameQualifier=null, spProviderId=null, value=username@mycompany.com), sessionIndex=_db4f8bf7-85ca-45ff-8440-955999b80800, attributes=[SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=http://schemas.microsoft.com/identity/claims/tenantid, nameFormat=null, attributeValues=[ff009f2c-d651-472e-b73e-xxx894c6011e]), SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=http://schemas.microsoft.com/identity/claims/objectidentifier, nameFormat=null, attributeValues=[64e66b3c-1ef4-4001-a6dc-bcfacc34b417]), SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=http://schemas.microsoft.com/identity/claims/identityprovider, nameFormat=null, attributeValues=[https://sts.windows.net/ff009f2c-d651-472e-b73e-xxx894c6011e/]), SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=http://schemas.microsoft.com/claims/authnmethodsreferences, nameFormat=null, attributeValues=[http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509, http://schemas.microsoft.com/claims/multipleauthn]), SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=displayname, nameFormat=null, attributeValues=[Firstname Lastname]), SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=email, nameFormat=null, attributeValues=[username@mycompany.com]), SAML2AuthenticationCredentials.SAMLAttribute(friendlyName=null, name=username, nameFormat=null, attributeValues=[username@mycompany.com])], conditions=SAML2AuthenticationCredentials.SAMLConditions(notBefore=2025-07-22T09:02:32.184Z, notOnOrAfter=2025-07-22T10:07:32.184Z), issuerId=https://sts.windows.net/ff009f2c-d651-472e-b73e-xxx894c6011e/, authnContexts=[urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified], authnContextAuthorities=[], inResponseTo=_b01b7ee6b41748e69cd65801a4fe201a1dcad9d)
2025-07-22 09:07:32.878+0000 [id=31] INFO o.o.c.c.InitializationService#initialize: Initializing OpenSAML using the Java Services API
2025-07-22 09:07:33.011+0000 [id=31] INFO o.p.s.config.SAML2Configuration#setCallbackUrl: Using service provider entity ID https://myjenkins.mycompany-rnd.com/securityRealm/finishLogin
2025-07-22 09:07:33.012+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Blacklisted Algorithms
2025-07-22 09:07:33.012+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Signature Algorithms
2025-07-22 09:07:33.012+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Signature Reference Digest Methods
2025-07-22 09:07:33.012+0000 [id=31] INFO o.p.s.config.SAML2Configuration#initSignatureSigningConfiguration: Bootstrapped Canonicalization Algorithm
2025-07-22 09:07:33.023+0000 [id=31] INFO o.p.s.m.SAML2FileSystemMetadataGenerator#storeMetadata: Writing metadata to C:\Jenkins\saml-sp-metadata.xml
2025-07-22 09:07:33.047+0000 [id=31] INFO o.o.s.m.r.i.AbstractReloadingMetadataResolver#processNonExpiredMetadata: FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: New metadata successfully loaded for 'C:\Jenkins\saml-sp-metadata.xml'
2025-07-22 09:07:33.047+0000 [id=31] INFO o.o.s.m.r.i.AbstractReloadingMetadataResolver#refresh: FilesystemMetadataResolver org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver: Next refresh cycle for metadata provider 'C:\Jenkins\saml-sp-metadata.xml' will occur on '2025-07-22T12:07:33.044072300Z' ('2025-07-22T14:07:33.044072300+02:00[Europe/Berlin]' local time)
2025-07-22 09:07:33.051+0000 [id=31] INFO o.p.s.c.DefaultSignatureSigningParametersProvider#build: Created signature signing parameters.
I was unable to log in with the new plugin version installed. Downgrading to the former version 4.544.v264eea_ed3eed solved the issue.
This only happens on Jenkins Weekly 2.519 so far. Jenkins LTS 2.504.3 runs without any issues.
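
A triage aid for the symptom reported above, added here as an example and not part of the original report or the plugin's code: it scans Jenkins log lines for repeated "Constructed SAML2 credentials" entries for the same NameID inside a short window, which is how the loop shows up in the log excerpt. The window, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line prefix as it appears in the report's log:
# "2025-07-22 09:07:32.744+0000 [id=31] INFO logger#method: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}[+-]\d{4}) \[id=\d+\]\s+\w+\s+"
    r"(?P<src>\S+): (?P<msg>.*)$")
# The NameID value is the first "value=" inside SAMLNameID(...).
NAMEID_RE = re.compile(r"SAMLNameID\(.*?value=(?P<user>[^,)]+)\)")

def saml_logins(lines):
    """Yield (timestamp, name_id) for every completed SAML assertion in the log."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["src"].endswith("SAML2AuthenticationCredentials#<init>"):
            continue
        user = NAMEID_RE.search(m["msg"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z")
        yield ts, (user["user"] if user else "?")

def find_login_loops(lines, window=timedelta(seconds=10), threshold=3):
    """Return {name_id: max logins seen in any window} for users at or above threshold."""
    per_user = defaultdict(list)
    for ts, user in saml_logins(lines):
        per_user[user].append(ts)
    loops = {}
    for user, stamps in per_user.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            loops[user] = best
    return loops

# Constructed sample lines (shortened) in the format shown in the report.
_TPL = ("2025-07-22 09:07:{s}+0000 [id=31] INFO o.p.s.c.SAML2AuthenticationCredentials#<init>: "
        "Constructed SAML2 credentials: SAML2AuthenticationCredentials(nameId="
        "SAML2AuthenticationCredentials.SAMLNameID(format=f, value={u}), sessionIndex=_x, attributes=[])")
SAMPLE = [_TPL.format(s=s, u="user@example.com") for s in ("32.744", "33.180", "33.610", "34.050")]
SAMPLE.append(_TPL.format(s="40.000", u="other@example.com"))
SAMPLE.append("2025-07-22 09:07:33.012+0000 [id=31] INFO o.p.s.config.SAML2Configuration"
              "#setCallbackUrl: Using service provider entity ID https://jenkins.example.com/securityRealm/finishLogin")

if __name__ == "__main__":
    print(find_login_loops(SAMPLE))
```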