Jenkins Okta auth

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Jenkins Okta auth

stas
I'm trying to configure okta with saml jenkins plugin https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
But getting error Cannot find entity https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc or role {urn:oasis:names:tc:SAML:2.0:metadata}

there is my metadata
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc"><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVuJmnDlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODQxMTkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwNDIwMDQyMzExWhcNMjcwNDIwMDQyNDExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzg0MTE5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
lfVL/XL9lEftDwzL8oSWGzJq8jAWFdZgRRP0ufz7BcNhIQsUXGKnl5cf29Q7FZ5/nqybu5Pg0M3V
Y3tBgDk8L6wDvsujyCxsZLwmek8jgrAb2Kk3HZY5y0yHkQSKQ2ASUBmvvx10MpYF1hsrPaZ2ZXqk
IbWbI/XmzCsdPnWxRcPZ3AtLl1b0dB5G+vJ3TG2hlcoSHH2+MV3Zv/wRSTskBhsrpDwpHtz5BC7l
gsSvtcd4FC5lCspD1SarZ9jguXCPcUgi7JkKWSYZOHRFFLYraG21CQwlNdb6MgulCTNyfM17i9sq
IXbfIrO8YdGi0YCAoFX04p0tHP0lJbcf6KbNiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAONbGS
R/E99tsSARjOJQC2RO03jeyamRrUnNZVqL4S9zw49s7P0n9HakJ4Vb8H0aiOvVqNPwrkXmMuwjP7
9KCHbMDTGogo8CGxSl3bMJ3DNo+A/ecVaI4IgM6y4bCAst6f8EBopj39a7+r69HPU1fzqaPz2Cti
CdZ07QiCt51B52eCU9TzdAdJLB1cCby3GfyAbszyTVS6ZFPoC814XF0K38u6pVz5Ab6dTQ5L1Jho
iD4JTIJFN317io/0UsPwdLak325HjT7ufNxV+cR/zTedIvj8V6GEorfIYtGGUaq8M1xSqmwiJg0o
YUEZhwOmNNHrRoqSWXGjEDzJKgtP1Fzn</ds:X509Certificate></ds:X509Data></ds:KeyInfo><md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/><md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/></md:KeyDescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVuJmnDlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODQxMTkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwNDIwMDQyMzExWhcNMjcwNDIwMDQyNDExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzg0MTE5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
lfVL/XL9lEftDwzL8oSWGzJq8jAWFdZgRRP0ufz7BcNhIQsUXGKnl5cf29Q7FZ5/nqybu5Pg0M3V
Y3tBgDk8L6wDvsujyCxsZLwmek8jgrAb2Kk3HZY5y0yHkQSKQ2ASUBmvvx10MpYF1hsrPaZ2ZXqk
IbWbI/XmzCsdPnWxRcPZ3AtLl1b0dB5G+vJ3TG2hlcoSHH2+MV3Zv/wRSTskBhsrpDwpHtz5BC7l
gsSvtcd4FC5lCspD1SarZ9jguXCPcUgi7JkKWSYZOHRFFLYraG21CQwlNdb6MgulCTNyfM17i9sq
IXbfIrO8YdGi0YCAoFX04p0tHP0lJbcf6KbNiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAONbGS
R/E99tsSARjOJQC2RO03jeyamRrUnNZVqL4S9zw49s7P0n9HakJ4Vb8H0aiOvVqNPwrkXmMuwjP7
9KCHbMDTGogo8CGxSl3bMJ3DNo+A/ecVaI4IgM6y4bCAst6f8EBopj39a7+r69HPU1fzqaPz2Cti
CdZ07QiCt51B52eCU9TzdAdJLB1cCby3GfyAbszyTVS6ZFPoC814XF0K38u6pVz5Ab6dTQ5L1Jho
iD4JTIJFN317io/0UsPwdLak325HjT7ufNxV+cR/zTedIvj8V6GEorfIYtGGUaq8M1xSqmwiJg0o
YUEZhwOmNNHrRoqSWXGjEDzJKgtP1Fzn</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-784119.oktapreview.com/sso/saml2/0oaa7zvi6k6kK4Rm00h7" index="0" isDefault="true"/><md:AttributeConsumingService index="0"><md:RequestedAttribute FriendlyName="First Name" Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/><md:RequestedAttribute FriendlyName="Last Name" Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/><md:RequestedAttribute FriendlyName="Email" Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/><md:RequestedAttribute FriendlyName="Mobile Phone" Name="mobilePhone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/></md:AttributeConsumingService></md:SPSSODescriptor><md:Organization><md:OrganizationName xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">dev-784119</md:OrganizationName><md:OrganizationDisplayName xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">Flugel.it-dev-784119</md:OrganizationDisplayName><md:OrganizationURL xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:lang="en">https://flugel.it</md:OrganizationURL></md:Organization></md:EntityDescriptor>

in Okta:
SAML PROTOCOL SETTINGS

IdP Issuer URI 
https://ip:8080/securityRealm/finishLogin

IdP Single Sign-On URL 
https://ip:8080/securityRealm/finishLogin

IdP Signature Certificate 
Pub cer for SSL

Request Binding 
HTTP POST

Request Signature

Sign SAML Authentication Requests
Request Signature Algorithm 
SHA-256

Response Signature Verification 
Response or Assertion

Response Signature Algorithm 
SHA-256

Destination 
https://ip:8080/securityRealm/finishLogin
Okta Assertion Consumer Service URL

Trust-specific

Organization (shared)
Max Clock Skew 
2
Minutes

Jenkins running from official docker image with options:
--httpPort=-1 --httpsPort=8080 --httpsCertificate=/var/lib/jenkins/jenkins.crt --httpsPrivateKey=/var/lib/jenkins/jenkins.key

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/76f577db-634b-4b2b-8c49-6f37cba3bb51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Jenkins Okta auth

Ivan Fernandez Calvo
Hi,

To configure Okta as SAML service you have to follow this documentation http://developer.okta.com/standards/SAML/setting_up_a_saml_application_in_okta, It seems like you did that and have the IdP up and running, you have to set these setting in order to make it works

*Single Sign on Url *: http://myhostaddress.com:8080/securityRealm/finishLogin
Use this for Recipient URL and Destination URL: Checked
Audience URI (SP Entity ID)http://myhostaddress.com:8080/securityRealm/finishLogin
Name ID Fornat : EmailAdress
Application username: Okta username
Attribute Statements - I did not specify any here
Group Attribute Statements: Name=Group Nameformat=Basic Filtertype=regex Filter=.*


Jenkins:
Security Realm: SAML 2.0
IdP Metadata : Copied from Okta
Display Name Attribute: The default of (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name)
Group Attribute: Group
Username Attribute: left blank


reviewing you configuration you set Request Binding to HTTP POST, this kind of binding it is not yet suppported by SAML Plugin you have to use HTTP Redirect Binding



El jueves, 20 de abril de 2017, 10:20:01 (UTC+2), [hidden email] escribió:
I'm trying to configure okta with saml jenkins plugin <a href="https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins-ci.org%2Fdisplay%2FJENKINS%2FSAML%2BPlugin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHhq2FxMJUncwGLB6ziYvkWE3LnoQ&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwiki.jenkins-ci.org%2Fdisplay%2FJENKINS%2FSAML%2BPlugin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHhq2FxMJUncwGLB6ziYvkWE3LnoQ&#39;;return true;">https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
But getting error Cannot find entity <a href="https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.okta.com%2Fsaml2%2Fservice-provider%2Fspibofbfpairxsdsimgc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFvhgA5d87ck6zjFVPYu6iduE2n-w&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.okta.com%2Fsaml2%2Fservice-provider%2Fspibofbfpairxsdsimgc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFvhgA5d87ck6zjFVPYu6iduE2n-w&#39;;return true;">https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc or role {urn:oasis:names:tc:SAML:2.0:metadata}

there is my metadata
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="<a href="https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.okta.com%2Fsaml2%2Fservice-provider%2Fspibofbfpairxsdsimgc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFvhgA5d87ck6zjFVPYu6iduE2n-w&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.okta.com%2Fsaml2%2Fservice-provider%2Fspibofbfpairxsdsimgc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFvhgA5d87ck6zjFVPYu6iduE2n-w&#39;;return true;">https://www.okta.com/saml2/service-provider/spibofbfpairxsdsimgc"><md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEmCh3s9aavT2Gx26XHNbvW9xoIeA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEmCh3s9aavT2Gx26XHNbvW9xoIeA&#39;;return true;">http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVuJmnDlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODQxMTkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwNDIwMDQyMzExWhcNMjcwNDIwMDQyNDExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzg0MTE5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
lfVL/XL9lEftDwzL8oSWGzJq8jAWFdZgRRP0ufz7BcNhIQsUXGKnl5cf29Q7FZ5/nqybu5Pg0M3V
Y3tBgDk8L6wDvsujyCxsZLwmek8jgrAb2Kk3HZY5y0yHkQSKQ2ASUBmvvx10MpYF1hsrPaZ2ZXqk
IbWbI/XmzCsdPnWxRcPZ3AtLl1b0dB5G+vJ3TG2hlcoSHH2+MV3Zv/wRSTskBhsrpDwpHtz5BC7l
gsSvtcd4FC5lCspD1SarZ9jguXCPcUgi7JkKWSYZOHRFFLYraG21CQwlNdb6MgulCTNyfM17i9sq
IXbfIrO8YdGi0YCAoFX04p0tHP0lJbcf6KbNiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAONbGS
R/E99tsSARjOJQC2RO03jeyamRrUnNZVqL4S9zw49s7P0n9HakJ4Vb8H0aiOvVqNPwrkXmMuwjP7
9KCHbMDTGogo8CGxSl3bMJ3DNo+A/ecVaI4IgM6y4bCAst6f8EBopj39a7+r69HPU1fzqaPz2Cti
CdZ07QiCt51B52eCU9TzdAdJLB1cCby3GfyAbszyTVS6ZFPoC814XF0K38u6pVz5Ab6dTQ5L1Jho
iD4JTIJFN317io/0UsPwdLak325HjT7ufNxV+cR/zTedIvj8V6GEorfIYtGGUaq8M1xSqmwiJg0o
YUEZhwOmNNHrRoqSWXGjEDzJKgtP1Fzn</ds:X509Certificate></ds:X509Data></ds:KeyInfo><md:EncryptionMethod Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#aes128-cbc" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes128-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFeMD-iDdLMtkOcXolhK32p9ZONyQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes128-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFeMD-iDdLMtkOcXolhK32p9ZONyQ&#39;;return true;">http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><md:EncryptionMethod Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#aes192-cbc" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes192-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEQuabbijEX9N0pYRgk8aXv3PDHZQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes192-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEQuabbijEX9N0pYRgk8aXv3PDHZQ&#39;;return true;">http://www.w3.org/2001/04/xmlenc#aes192-cbc"/><md:EncryptionMethod Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#aes256-cbc" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes256-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVb8U9Z2BJTifGrxoWl6g3WsMwIw&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23aes256-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVb8U9Z2BJTifGrxoWl6g3WsMwIw&#39;;return true;">http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><md:EncryptionMethod Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23tripledes-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYNYCygmDQFSklgY49jguVBuyQfA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmlenc%23tripledes-cbc\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFYNYCygmDQFSklgY49jguVBuyQfA&#39;;return true;">http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/></md:KeyDescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEmCh3s9aavT2Gx26XHNbvW9xoIeA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEmCh3s9aavT2Gx26XHNbvW9xoIeA&#39;;return true;">http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAVuJmnDlMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODQxMTkxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTcwNDIwMDQyMzExWhcNMjcwNDIwMDQyNDExWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzg0MTE5MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
lfVL/XL9lEftDwzL8oSWGzJq8jAWFdZgRRP0ufz7BcNhIQsUXGKnl5cf29Q7FZ5/nqybu5Pg0M3V
Y3tBgDk8L6wDvsujyCxsZLwmek8jgrAb2Kk3HZY5y0yHkQSKQ2ASUBmvvx10MpYF1hsrPaZ2ZXqk
IbWbI/XmzCsdPnWxRcPZ3AtLl1b0dB5G+vJ3TG2hlcoSHH2+MV3Zv/wRSTskBhsrpDwpHtz5BC7l
gsSvtcd4FC5lCspD1SarZ9jguXCPcUgi7JkKWSYZOHRFFLYraG21CQwlNdb6MgulCTNyfM17i9sq
IXbfIrO8YdGi0YCAoFX04p0tHP0lJbcf6KbNiQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAONbGS
R/E99tsSARjOJQC2RO03jeyamRrUnNZVqL4S9zw49s7P0n9HakJ4Vb8H0aiOvVqNPwrkXmMuwjP7
9KCHbMDTGogo8CGxSl3bMJ3DNo+A/ecVaI4IgM6y4bCAst6f8EBopj39a7+r69HPU1fzqaPz2Cti
CdZ07QiCt51B52eCU9TzdAdJLB1cCby3GfyAbszyTVS6ZFPoC814XF0K38u6pVz5Ab6dTQ5L1Jho
iD4JTIJFN317io/0UsPwdLak325HjT7ufNxV+cR/zTedIvj8V6GEorfIYtGGUaq8M1xSqmwiJg0o
YUEZhwOmNNHrRoqSWXGjEDzJKgtP1Fzn</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="<a href="https://dev-784119.oktapreview.com/sso/saml2/0oaa7zvi6k6kK4Rm00h7" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fdev-784119.oktapreview.com%2Fsso%2Fsaml2%2F0oaa7zvi6k6kK4Rm00h7\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFCj80B0d4krGyC6xBLsDuY-vinFg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fdev-784119.oktapreview.com%2Fsso%2Fsaml2%2F0oaa7zvi6k6kK4Rm00h7\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFCj80B0d4krGyC6xBLsDuY-vinFg&#39;;return true;">https://dev-784119.oktapreview.com/sso/saml2/0oaa7zvi6k6kK4Rm00h7" index="0" isDefault="true"/><md:AttributeConsumingService index="0"><md:RequestedAttribute FriendlyName="First Name" Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/><md:RequestedAttribute FriendlyName="Last Name" Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/><md:RequestedAttribute FriendlyName="Email" Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/><md:RequestedAttribute FriendlyName="Mobile Phone" Name="mobilePhone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/></md:AttributeConsumingService></md:SPSSODescriptor><md:Organization><md:OrganizationName xmlns:xml="<a href="http://www.w3.org/XML/1998/namespace" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2FXML%2F1998%2Fnamespace\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVrnX5SsL_e7-TDYGmuyc8ivJiDA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2FXML%2F1998%2Fnamespace\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVrnX5SsL_e7-TDYGmuyc8ivJiDA&#39;;return true;">http://www.w3.org/XML/1998/namespace" xml:lang="en">dev-784119</md:OrganizationName><md:OrganizationDisplayName xmlns:xml="<a href="http://www.w3.org/XML/1998/namespace" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2FXML%2F1998%2Fnamespace\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVrnX5SsL_e7-TDYGmuyc8ivJiDA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2FXML%2F1998%2Fnamespace\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVrnX5SsL_e7-TDYGmuyc8ivJiDA&#39;;return true;">http://www.w3.org/XML/1998/namespace" xml:lang="en">Flugel.it-dev-784119</md:OrganizationDisplayName><md:OrganizationURL xmlns:xml="<a href="http://www.w3.org/XML/1998/namespace" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2FXML%2F1998%2Fnamespace\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVrnX5SsL_e7-TDYGmuyc8ivJiDA&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fwww.w3.org%2FXML%2F1998%2Fnamespace\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNHVrnX5SsL_e7-TDYGmuyc8ivJiDA&#39;;return true;">http://www.w3.org/XML/1998/namespace" xml:lang="en"><a href="https://flugel.it" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fflugel.it\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFpBzYWBDTC-iLSSFCEzu2x8MsBPg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fflugel.it\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFpBzYWBDTC-iLSSFCEzu2x8MsBPg&#39;;return true;">https://flugel.it</md:OrganizationURL></md:Organization></md:EntityDescriptor>

in Okta:
SAML PROTOCOL SETTINGS

IdP Issuer URI 
<a href="https://ip:8080/securityRealm/finishLogin" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fip%3A8080%2FsecurityRealm%2FfinishLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEIuJv_vU_mzQAHWfs5kYnJB75tcg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fip%3A8080%2FsecurityRealm%2FfinishLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEIuJv_vU_mzQAHWfs5kYnJB75tcg&#39;;return true;">https://ip:8080/securityRealm/finishLogin

IdP Single Sign-On URL 
<a href="https://ip:8080/securityRealm/finishLogin" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fip%3A8080%2FsecurityRealm%2FfinishLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEIuJv_vU_mzQAHWfs5kYnJB75tcg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fip%3A8080%2FsecurityRealm%2FfinishLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEIuJv_vU_mzQAHWfs5kYnJB75tcg&#39;;return true;">https://ip:8080/securityRealm/finishLogin

IdP Signature Certificate 
Pub cer for SSL

Request Binding 
HTTP POST

Request Signature

Sign SAML Authentication Requests
Request Signature Algorithm 
SHA-256

Response Signature Verification 
Response or Assertion

Response Signature Algorithm 
SHA-256

Destination 
<a href="https://ip:8080/securityRealm/finishLogin" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fip%3A8080%2FsecurityRealm%2FfinishLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEIuJv_vU_mzQAHWfs5kYnJB75tcg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fip%3A8080%2FsecurityRealm%2FfinishLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEIuJv_vU_mzQAHWfs5kYnJB75tcg&#39;;return true;">https://ip:8080/securityRealm/finishLogin
Okta Assertion Consumer Service URL

Trust-specific

Organization (shared)
Max Clock Skew 
2
Minutes

Jenkins running from official docker image with options:
--httpPort=-1 --httpsPort=8080 --httpsCertificate=/var/lib/jenkins/jenkins.crt --httpsPrivateKey=/var/lib/jenkins/jenkins.key

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/4dd9bce5-b18a-46f3-8dc0-da234f096a27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Loading...