Jenkins SAML + Azure AD

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Jenkins SAML + Azure AD

jan.gazda
Hi, I'm trying to configure SAML authentication with Jenkins via Azure AD.
Right now I'm running Jenkins in Docker on my local machine to prevent locking out myself from our prod.


I'm using this plugin: 

I did all configuration in Jenkins and I'm still receiving an exception.

My config in AAD:
Identifier: http://localhost:8888/securityRealm/finishLogin
I downloaded Metadata and pasted it in Jenkins.
Can someone please give me a tip how to debug this issue? 

The error I'm receiving is:
org.pac4j.saml.exceptions.SAMLException: No valid subject assertion found in response
	at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validateSamlSSOResponse(SAML2DefaultResponseValidator.java:313)
	at org.pac4j.saml.sso.impl.SAML2DefaultResponseValidator.validate(SAML2DefaultResponseValidator.java:138)
	at org.pac4j.saml.sso.impl.SAML2WebSSOMessageReceiver.receiveMessage(SAML2WebSSOMessageReceiver.java:77)
	at org.pac4j.saml.sso.impl.SAML2WebSSOProfileHandler.receive(SAML2WebSSOProfileHandler.java:35)



--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/080658a5-35b3-4225-9b64-57411880690b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Jenkins SAML + Azure AD

Ivan Fernandez Calvo
It never gonna work Azurre cannot reach your service http://localhost:8888/securityRealm/finishLogin to send the SAMLResponse, both machines have to have visibility it is a basic premise for SAML

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/6d4b6884-f2be-4282-b36a-29bedb23bc24%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.