Btw, please let me know if you get it working! I'd love to update the docs with regards to anything that may be confusing.
Thanks, Ben On Wed, Feb 18, 2015 at 2:38 PM, Ben McCann <b...@benmccann.com> wrote: > Hi John, > > Someone else recently reported a problem with a URL that they tracked down > to a misconfiguration. Are you having the problem described here? > https://github.com/connectifier/jenkins-saml-plugin/issues/4 > > -Ben > > > > On Wed, Feb 18, 2015 at 8:09 AM, John Burrows < > john.burr...@aciworldwide.com> wrote: > >> Hi Ben, >> >> Thank you for your help, I have been trying to get the SAML plugin >> working with our Ping federated server and have been unsuccessful. >> >> Here is what is happening: >> >> >> Jenkins v 1.597 SAML plugin v 0.3 >> >> We are using an internal PingFederated server and I have entered the xml >> metedata contents into the Security configuration of Jenkins. >> >> I have tried on two servers, one set up HTTPS (SSL) and one just HTTP. >> >> We get errors when trying to login using SSO that pertain to the >> *https://servername/securityRealm/finishLogin* >> <https://servername/securityRealm/finishLogin> redirect and the same for >> non-SSL server. >> >> We are stumped on what to check here, the PingFederated administrator has >> it set for the postback to the securityRealm/finishLogin URL, which is what >> is in the code for the plugin, we just are not sure how to proceed. >> >> The contents of the xml metadata: >> >> <md:EntityDescriptor ID="MNkL_uYrUsdEca2oWqH6gdgG4t3" cacheDuration= >> "PT1440M" entityID="ENTITYIDHERE:Saml2:POC" xmlns:md= >> "urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor >> protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" >> WantAuthnRequestsSigned="false"><md:KeyDescriptor use="signing" >> ><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";><ds:X509Data> >> <ds:X509Certificate>CERTIFICATECODE HERE >> </ds:X509Certificate></ds:X509Data> >> </ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat> >> urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified >> </md:NameIDFormat><md:SingleSignOnService Binding= >> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=" >> https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= >> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=" >> https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= >> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location=" >> https://SSOSERVERNAME/idp/SSO.saml2"/><md:SingleSignOnService Binding= >> "urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location=" >> https://SSOSERVERNAME/idp/SSO.saml2"; >> /></md:IDPSSODescriptor><md:ContactPerson contactType="administrative" >> ><md:Company>COMPANYNAME >> </md:Company></md:ContactPerson></md:EntityDescriptor> >> >> Any suggestions or hlep would be greatly appreciated. >> >> Thanks, >> >> John >> >> >> On Friday, January 23, 2015 at 11:51:07 AM UTC-5, Ben McCann wrote: >> >>> Yes, all the contents of the xml file >>> >>> On Fri, Jan 23, 2015 at 8:29 AM, John Burrows < >>> john.b...@aciworldwide.com> wrote: >>> >>>> Or is it just all the contents of the xml file? >>>> >>>> Thanks, >>>> John >>>> >>>> --------------- >>>> >>>> John Burrows >>>> >>>> Supervisor Software Engineering, USA >>>> >>>> SCM: AD Common Services >>>> <https://sites.google.com/a/aciworldwide.com/scm/> >>>> >>>> T + 1 704 423 2531 / M + 1 864 490 1091 >>>> >>>> *Vacation Alert :* >>>> >>>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2* >>>> >>>> >>>> ACI Worldwide >>>> www.aciworldwide.com >>>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw> >>>> ----------------------- >>>> >>>> For *AD Common Services: Infrastructure Services* support contact: >>>> Jeni Jones <jennife...@aciworldwide.com> >>>> For *AD Common Services:* *ARLM *support email: >>>> grp-arlm...@aciworldwide.com >>>> For *AD Common Services: **SCM *support refer to the Google Site: >>>> * SCM Contact/Request Information >>>> <https://sites.google.com/a/aciworldwide.com/scm/contact>* >>>> For *AD Common Services: **Security* or *AD Tools* support contact: >>>> Andie Srivastava <andie.sr...@aciworldwide.com> >>>> >>>> >>>> On Fri, Jan 23, 2015 at 11:27 AM, John Burrows < >>>> john.b...@aciworldwide.com> wrote: >>>> >>>>> Ben, >>>>> >>>>> Thanks for the quick response, maybe I wasnt clear, but what I am >>>>> asking, is what info goes into that field and in what format? >>>>> >>>>> Can you send me an example? >>>>> >>>>> Thanks, >>>>> John >>>>> >>>>> --------------- >>>>> >>>>> John Burrows >>>>> >>>>> Supervisor Software Engineering, USA >>>>> >>>>> SCM: AD Common Services >>>>> <https://sites.google.com/a/aciworldwide.com/scm/> >>>>> >>>>> T + 1 704 423 2531 / M + 1 864 490 1091 >>>>> >>>>> *Vacation Alert :* >>>>> >>>>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2* >>>>> >>>>> >>>>> ACI Worldwide >>>>> www.aciworldwide.com >>>>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw> >>>>> ----------------------- >>>>> >>>>> For *AD Common Services: Infrastructure Services* support contact: >>>>> Jeni Jones <jennife...@aciworldwide.com> >>>>> For *AD Common Services:* *ARLM *support email: >>>>> grp-arlm...@aciworldwide.com >>>>> For *AD Common Services: **SCM *support refer to the Google Site: >>>>> * SCM Contact/Request Information >>>>> <https://sites.google.com/a/aciworldwide.com/scm/contact>* >>>>> For *AD Common Services: **Security* or *AD Tools* support contact: >>>>> Andie Srivastava <andie.sr...@aciworldwide.com> >>>>> >>>>> >>>>> On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann <b...@benmccann.com> >>>>> wrote: >>>>> >>>>>> Hey John, >>>>>> >>>>>> Ping should be able to give you a metadata file which contains all >>>>>> the configuration information you need. We set it up this way, so that >>>>>> you >>>>>> only have enter a single field instead of a few different fields. >>>>>> >>>>>> I haven't used Ping specifically before, but found these docs, which >>>>>> may help you if this is the right Ping product: >>>>>> http://documentation.pingidentity.com/display/PF66/Exporting+Metadata >>>>>> >>>>>> -Ben >>>>>> >>>>>> >>>>>> On Fri, Jan 23, 2015 at 2:30 AM, John Burrows < >>>>>> john.b...@aciworldwide.com> wrote: >>>>>> >>>>>>> Ben, >>>>>>> >>>>>>> I am trying to get the SAML plugin to work, but the configuration in >>>>>>> Security is confusing. >>>>>>> >>>>>>> All I see when clicking SAML in the security configuration is: >>>>>>> >>>>>>> >>>>>>> <https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/AAAAAAAACC8/DTB_uw1_HP0/s1600/SAML.jpg> >>>>>>> >>>>>>> Any ideas or help on how to properly configure it? >>>>>>> >>>>>>> We use an internal Ping Federated server for SSO authentication. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> John >>>>>>> >>>>>>> >>>>>>> On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote: >>>>>>>> >>>>>>>> I've created a SAML 2.0 plugin for Jenkins >>>>>>>> https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin >>>>>>>> >>>>>>>> >>>>>>>> On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote: >>>>>>>>> >>>>>>>>> Hey there, >>>>>>>>> >>>>>>>>> I'm looking for a jenkins plugin to enable sso authetication using >>>>>>>>> shibboleth2. >>>>>>>>> Is there such a thing? I can only find the CAS Plugin >>>>>>>>> <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin> that >>>>>>>>> only goes up >>>>>>>>> to saml 1.1. >>>>>>>>> >>>>>>>>> Cheers >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> View this message in context: http://jenkins-ci.361315.n4.na >>>>>>>>> bble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html >>>>>>>>> Sent from the Jenkins users mailing list archive at Nabble.com. >>>>>>>>> >>>>>>>> >>>>>>> <http://www.aciworldwide.com> >>>>>>> >>>>>>> This email message and any attachments may contain confidential, >>>>>>> proprietary or non-public information. The information is intended >>>>>>> solely >>>>>>> for the designated recipient(s). If an addressing or transmission error >>>>>>> has >>>>>>> misdirected this email, please notify the sender immediately and destroy >>>>>>> this email. Any review, dissemination, use or reliance upon this >>>>>>> information by unintended recipients is prohibited. Any opinions >>>>>>> expressed >>>>>>> in this email are those of the author personally. >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to a topic in >>>>>>> the Google Groups "Jenkins Users" group. >>>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. >>>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>>> jenkinsci-use...@googlegroups.com. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/jenkinsci-users/ >>>>>>> 5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com >>>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> about.me/benmccann >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to a topic in >>>>>> the Google Groups "Jenkins Users" group. >>>>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. >>>>>> To unsubscribe from this group and all its topics, send an email to >>>>>> jenkinsci-use...@googlegroups.com. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/jenkinsci-users/CAH3cagNzcaax5BNUpVNnoTOn3FbaP >>>>>> URmkyFdw3h9Mqmj5ngiOw%40mail.gmail.com >>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/CAH3cagNzcaax5BNUpVNnoTOn3FbaPURmkyFdw3h9Mqmj5ngiOw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> >>>> >>>> <http://www.aciworldwide.com> >>>> >>>> This email message and any attachments may contain confidential, >>>> proprietary or non-public information. The information is intended solely >>>> for the designated recipient(s). If an addressing or transmission error has >>>> misdirected this email, please notify the sender immediately and destroy >>>> this email. Any review, dissemination, use or reliance upon this >>>> information by unintended recipients is prohibited. Any opinions expressed >>>> in this email are those of the author personally. >>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Jenkins Users" group. >>>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>>> topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe. >>>> To unsubscribe from this group and all its topics, send an email to >>>> jenkinsci-use...@googlegroups.com. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/jenkinsci-users/CAJrD%3D%2BZptr49OxCwS%3DsJPnaGobN- >>>> F7ffK0%3DTvnO6u-SqukXvyQ%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/jenkinsci-users/CAJrD%3D%2BZptr49OxCwS%3DsJPnaGobN-F7ffK0%3DTvnO6u-SqukXvyQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> about.me/benmccann >>> >> >> <http://www.aciworldwide.com> >> >> This email message and any attachments may contain confidential, >> proprietary or non-public information. The information is intended solely >> for the designated recipient(s). If an addressing or transmission error has >> misdirected this email, please notify the sender immediately and destroy >> this email. Any review, dissemination, use or reliance upon this >> information by unintended recipients is prohibited. Any opinions expressed >> in this email are those of the author personally. >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Jenkins Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> jenkinsci-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/d93be1b3-49c8-4c4f-a1a2-75305999f904%40googlegroups.com >> <https://groups.google.com/d/msgid/jenkinsci-users/d93be1b3-49c8-4c4f-a1a2-75305999f904%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > about.me/benmccann > -- about.me/benmccann -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAH3cagOrcHGRmzvfFMwvB_t%3D4e6%3DggfQP_OCFF54uvj9SCiDqg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
