saml-plugin
Oct 12, 2022 10:27:25 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealm
SamlSecurityRealm.doCommenceLogin called. Using consumerServiceUrl https://jenkins-ei.redacted.com/securityRealm/finishLogin
Oct 12, 2022 10:27:25 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealm
Safe URL redirection: /samlLogout/
Oct 12, 2022 10:27:25 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapper
adapt TCCL
Oct 12, 2022 10:27:25 AM FINE org.pac4j.core.util.InitializableObject init
Initializing: SAML2Client (nb: 0, last: null)
Oct 12, 2022 10:27:25 AM INFO org.pac4j.saml.config.SAML2Configuration setCallbackUrl
Using service provider entity ID jenkins-ei
Oct 12, 2022 10:27:25 AM FINE org.pac4j.core.util.InitializableObject init
Initializing: SAML2Configuration (nb: 0, last: null)
Oct 12, 2022 10:27:25 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Blacklisted Algorithms
Oct 12, 2022 10:27:25 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Signature Algorithms
Oct 12, 2022 10:27:25 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Signature Reference Digest Methods
Oct 12, 2022 10:27:25 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Canonicalization Algorithm
Oct 12, 2022 10:27:25 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:25 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:25 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:25 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: -1 / newLastModified: 1665584682106 -> hasChanged: true
Oct 12, 2022 10:27:25 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:25 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.metadata.SAML2FileSystemMetadataGenerator storeMetadata
Writing metadata to /var/jenkins_home/saml-sp-metadata.xml
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2FileSystemMetadataGenerator storeMetadata
Attempting to create directory structure for: /var/jenkins_home
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:26 AM FINE org.jenkinsci.plugins.saml.OpenSAMLWrapper
redactedredactedurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Oct 12, 2022 10:27:26 AM FINE org.pac4j.jee.context.session.JEESessionStore getNativeSession
createSession: false, retrieved session: Session@616a2fb{id=node01tdbtmlyewjhb17xlkh87gttfd27179,x=node01tdbtmlyewjhb17xlkh87gttfd27179.node0,req=1,res=true}
Oct 12, 2022 10:27:26 AM FINE org.pac4j.jee.context.session.JEESessionStore get
Get value: null for key: SAML2Client$attemptedAuthentication
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.context.SAML2ContextProvider addTransportContext
Creating message store by org.pac4j.saml.store.EmptyStoreFactory
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:26 AM FINE org.pac4j.jee.context.session.JEESessionStore getNativeSession
createSession: false, retrieved session: Session@616a2fb{id=node01tdbtmlyewjhb17xlkh87gttfd27179,x=node01tdbtmlyewjhb17xlkh87gttfd27179.node0,req=1,res=true}
Oct 12, 2022 10:27:26 AM FINE org.pac4j.jee.context.session.JEESessionStore get
Get value: null for key: samlRelayState
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.crypto.DefaultSignatureSigningParametersProvider build
Created signature signing parameters.
Signature algorithm: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature canonicalization algorithm: http://www.w3.org/2001/10/xml-exc-c14n#
Signature reference digest methods: http://www.w3.org/2001/04/xmlenc#sha256
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostEncoder doInitialize
Initialized Pac4jHTTPPostEncoder
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostEncoder postEncode
Invoking Velocity template to create POST body
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostEncoder populateVelocityContext
Encoding action url of 'https://login.microsoftonline.com/redacted-uuid/saml2' with encoded value 'https://login.microsoftonline.com/redacted-uuid/saml2'
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostEncoder populateVelocityContext
Marshalling and Base64 encoding SAML message
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostEncoder marshallMessage
Marshalling message
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostEncoder populateVelocityContext
Setting RelayState parameter to: 'https://jenkins-ei.redacted.com/securityRealm/finishLogin', encoded as 'https://jenkins-ei.redacted.com/securityRealm/finishLogin'
Oct 12, 2022 10:27:26 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapper
reset TCCL
Oct 12, 2022 10:27:26 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealm
SUCCESS :
Oct 12, 2022 10:27:26 AM FINE org.jenkinsci.plugins.saml.SamlCrumbExclusion
SamlCrumbExclusion.shouldExclude excluding '/securityRealm/finishLogin'
Oct 12, 2022 10:27:26 AM FINER org.jenkinsci.plugins.saml.SamlSecurityRealm
SamlSecurityRealm.doFinishLogin called
Oct 12, 2022 10:27:26 AM FINEST org.jenkinsci.plugins.saml.SamlSecurityRealm
Invalidate previous session
Oct 12, 2022 10:27:26 AM FINEST org.jenkinsci.plugins.saml.SamlSecurityRealm
SAMLResponse XML:>>
Oct 12, 2022 10:27:26 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapper
adapt TCCL
Oct 12, 2022 10:27:26 AM FINE org.pac4j.core.util.InitializableObject init
Initializing: SAML2Client (nb: 0, last: null)
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.config.SAML2Configuration setCallbackUrl
Using service provider entity ID jenkins-ei
Oct 12, 2022 10:27:26 AM FINE org.pac4j.core.util.InitializableObject init
Initializing: SAML2Configuration (nb: 0, last: null)
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Blacklisted Algorithms
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Signature Algorithms
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Signature Reference Digest Methods
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.config.SAML2Configuration initSignatureSigningConfiguration
Bootstrapped Canonicalization Algorithm
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: -1 / newLastModified: 1665584682106 -> hasChanged: true
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:26 AM INFO org.pac4j.saml.metadata.SAML2FileSystemMetadataGenerator storeMetadata
Writing metadata to /var/jenkins_home/saml-sp-metadata.xml
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.SAML2FileSystemMetadataGenerator storeMetadata
Attempting to create directory structure for: /var/jenkins_home
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.metadata.keystore.SAML2FileSystemKeystoreGenerator retrieve
Retrieving keystore from file [/var/jenkins_home/saml-jenkins-keystore.jks]
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loading keystore with type JKS
Oct 12, 2022 10:27:26 AM FINE org.pac4j.saml.crypto.KeyStoreCredentialProvider loadKeyStore
Loaded keystore with type JKS with size 1
Oct 12, 2022 10:27:27 AM FINE org.jenkinsci.plugins.saml.OpenSAMLWrapper
redactedredactedurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.context.SAML2ContextProvider addTransportContext
Creating message store by org.pac4j.saml.store.EmptyStoreFactory
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.transport.AbstractPac4jDecoder doInitialize
Initialized Pac4jHTTPPostDecoder
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostDecoder doDecode
Decoded SAML relay state of: https://jenkins-ei.redacted.com/securityRealm/finishLogin
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.transport.Pac4jHTTPPostDecoder doDecode
Decoded SAML message
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.metadata.SAML2IdentityProviderMetadataResolver hasChanged
lastModified: 1665584682106 / newLastModified: 1665584682106 -> hasChanged: false
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator validateSignatureIfItExists
Cannot locate a signature from the message; skipping validation
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator validateIssuer
Comparing issuer https://sts.windows.net/redacted-uuid/ against https://sts.windows.net/redacted-uuid/
Oct 12, 2022 10:27:27 AM FINE org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator validateIssuer
Comparing issuer https://sts.windows.net/redacted-uuid/ against https://sts.windows.net/redacted-uuid/
Oct 12, 2022 10:27:27 AM WARNING org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator isDateValid
interval=30,before=2022-10-12T14:32:27.008632Z,after=2022-10-12T14:21:57.008632Z,issueInstant=2022-10-04T16:45:00.088Z
Oct 12, 2022 10:27:27 AM SEVERE org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator validateSamlSSOResponse
Current assertion validation failed, continue with the next one
org.pac4j.saml.exceptions.SAMLAuthnInstantException: Authentication issue instant is too old or in the future
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAuthenticationStatements(SAML2AuthnResponseValidator.java:623)
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:390)
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:303)
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:97)
at org.pac4j.saml.profile.impl.AbstractSAML2MessageReceiver.receiveMessage(AbstractSAML2MessageReceiver.java:53)
at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35)
at org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor.receiveLogin(SAML2CredentialsExtractor.java:71)
at org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor.extract(SAML2CredentialsExtractor.java:66)
at org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:71)
at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:145)
at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:56)
at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:35)
at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:68)
at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:318)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:224)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.plugins.audit_trail.AuditTrailFilter.doFilter(AuditTrailFilter.java:112)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.jenkinsci.plugins.saml.SamlCrumbExclusion.process(SamlCrumbExclusion.java:25)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
at java.base/java.lang.Thread.run(Thread.java:829)
Oct 12, 2022 10:27:27 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapper
reset TCCL
Oct 12, 2022 10:27:27 AM WARNING org.jenkinsci.plugins.saml.SamlSecurityRealm doFinishLogin
Unable to validate the SAML Response: Authentication issue instant is too old or in the future
For more info check 'Maximum Authentication Lifetime' at https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md#configuring-plugin-settings
If you have issues check the troubleshoting guide at https://github.com/jenkinsci/saml-plugin/blob/master/doc/TROUBLESHOOTING.md
org.pac4j.saml.exceptions.SAMLAuthnInstantException: Authentication issue instant is too old or in the future
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAuthenticationStatements(SAML2AuthnResponseValidator.java:623)
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateAssertion(SAML2AuthnResponseValidator.java:390)
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validateSamlSSOResponse(SAML2AuthnResponseValidator.java:303)
at org.pac4j.saml.sso.impl.SAML2AuthnResponseValidator.validate(SAML2AuthnResponseValidator.java:97)
at org.pac4j.saml.profile.impl.AbstractSAML2MessageReceiver.receiveMessage(AbstractSAML2MessageReceiver.java:53)
at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35)
at org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor.receiveLogin(SAML2CredentialsExtractor.java:71)
at org.pac4j.saml.credentials.extractor.SAML2CredentialsExtractor.extract(SAML2CredentialsExtractor.java:66)
at org.pac4j.core.client.BaseClient.retrieveCredentials(BaseClient.java:71)
at org.pac4j.core.client.IndirectClient.getCredentials(IndirectClient.java:145)
at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:56)
Caused: org.springframework.security.authentication.BadCredentialsException: Authentication issue instant is too old or in the future
at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:61)
at org.jenkinsci.plugins.saml.SamlProfileWrapper.process(SamlProfileWrapper.java:35)
at org.jenkinsci.plugins.saml.OpenSAMLWrapper.get(OpenSAMLWrapper.java:68)
at org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:318)
at java.base/java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:710)
at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:397)
at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:409)
at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:78)
at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:207)
at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:140)
at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:558)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.MetaClass$2.doDispatch(MetaClass.java:224)
at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:59)
at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:762)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:894)
at org.kohsuke.stapler.Stapler.invoke(Stapler.java:690)
at org.kohsuke.stapler.Stapler.service(Stapler.java:240)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:157)
at org.jenkinsci.plugins.ssegateway.Endpoint$SSEListenChannelFilter.doFilter(Endpoint.java:248)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.telemetry.impl.UserLanguages$AcceptLanguageFilter.doFilter(UserLanguages.java:129)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.plugins.audit_trail.AuditTrailFilter.doFilter(AuditTrailFilter.java:112)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.security.ResourceDomainFilter.doFilter(ResourceDomainFilter.java:81)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.ResourceCacheControl.doFilter(ResourceCacheControl.java:134)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at io.jenkins.blueocean.auth.jwt.impl.JwtAuthenticationFilter.doFilter(JwtAuthenticationFilter.java:60)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at jenkins.metrics.impl.MetricsFilter.doFilter(MetricsFilter.java:125)
at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:154)
at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:160)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.jenkinsci.plugins.saml.SamlCrumbExclusion.process(SamlCrumbExclusion.java:25)
at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:128)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:94)
at jenkins.security.AcegiSecurityExceptionFilter.doFilter(AcegiSecurityExceptionFilter.java:52)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:54)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:141)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:223)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:97)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:112)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:82)
at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:63)
at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:99)
at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:111)
at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:172)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:53)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:86)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at jenkins.security.SuspiciousRequestFilter.doFilter(SuspiciousRequestFilter.java:38)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:549)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1571)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1383)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1544)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1305)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$0(HttpChannel.java:505)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:762)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:497)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.lambda$new$0(AdaptiveExecutionStrategy.java:139)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:933)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1077)
at java.base/java.lang.Thread.run(Thread.java:829)