Strange SAML-jenkins certificate expired causing JENKINS-ADFS integration SSO login to fail

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Strange SAML-jenkins certificate expired causing JENKINS-ADFS integration SSO login to fail

Shifa Shaikh

We have been login to Jenkins using SSO from the past one year without any issues.


Today, however the SSO failed for the entire team and no one can login anymore.


After providing the SSO AD credentials we are thrown to the SAMLLougout page.


SAMLLOGOUT.png


Upon investigation the ADFS team informed that one of the certificates from Jenkins with `CN=SAML-jenkins` has expired causing the login to fail. The snapshot of the expired certificate as shared by the ADFS team for our Jenkins is below:


Capture1.PNG


Capture2.PNG


We have never created this certificate nor do we have any idea about it. 


Is this something that comes default with the Jenkins SAML plugin or the Jenkins product? Please let me know.


Now, that we are not able to login to Jenkins how do we go about fixing the issue and updating the certificate ?


I'm using the latest version of the standalone Jenkins war.


Any help guidance would be appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/dffbebdf-2e75-4d8d-a9be-e2a6b261e1d7o%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Strange SAML-jenkins certificate expired causing JENKINS-ADFS integration SSO login to fail

Ivan Fernandez Calvo
SAML plugin needs a certificate for sign and encrypt the communications with the IdP, if you no provide one the SAML plugin generate a key and a certificate for that purpose, the certificate is renewed automatically when it expires but the IdP needs the new certificate is your responsability to provide the new certificate to the IdP, all of this is in the documentation of the plugin.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9eba951c-a12d-4c85-9933-5f4c3aa05c41o%40googlegroups.com.