[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title SCM/JIRA link daemon commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Code changed in jenkins User: Brantone Path: src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java src/main/resources/org/jenkinsci/plugins/saml/SamlSecurityRealm/config.jelly src/main/webapp/help/usernameCaseConversion.html http://jenkins-ci.org/commit/saml-plugin/f276d652b7701e7b4ea08401ccc106bba3acf58b Log: JENKINS-29086 Work-around for handling SAML user id case sensitivity : provide option to convert returned value to a specific case. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title SCM/JIRA link daemon commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Code changed in jenkins User: Michael Donohue Path: src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java src/main/resources/org/jenkinsci/plugins/saml/SamlSecurityRealm/config.jelly src/main/webapp/help/usernameCaseConversion.html http://jenkins-ci.org/commit/saml-plugin/a5cd13f46ebd15baeecf3349ff6a1d2aa3c81bed Log: Merge pull request #4 from Brantone/master JENKINS-29086 Work-around for handling case sensitivity Compare: https://github.com/jenkinsci/saml-plugin/compare/898fbb509ca8...a5cd13f46ebd Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Brantone commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Working on that aspect (more political than technical ). The PR work-around was because I could wait, needed to get it forced to lower-case. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Mikhail Tyuzin commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Have you tried to apply "make all lowercase" rule on SAML IdP side? Usually this could be done on per-app basis so even in in a big company this should not be a problem. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Brantone commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Correct, hence commit message as "work around" ... in my specific scenario where RBS is used (and even has help message of "By default user/group names are case sensitive so it needs to match with your user/group definition under Configure Global Security->Access Control->Security Realm." There's already the requirement for case-sensitivity ... furthermore utilizing an SSO SAML setup where user ids are inconsistent (25% are upper-case and rest are lower-case), having a standard of "everything lower case" at least makes it consistent. (I'm in a large org where I know forcing the upstream system to standardize is pointless). I was originally hoping for something "easier" by way of a definition in the "IdP Metadata", but my research proved that as a dead-end since SAML is authoritative ... maybe I'm wrong though. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Mikhail Tyuzin commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Will take a look on weekend. But as I wrote above, this will not really fix the problem mentioned by requester and this can be easily done on IdP side. If introduce such a feature, it should be possible to apply it for both user id and groups attributes separately. The reason is that starting from 0.4 release it is possible to configure all security related stuff using groups only, therefore user id case becomes absolutely non critical. And by the way, I have never seen such a setting in any system integrated with SAML IdP. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Brantone commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Submitted PR https://github.com/jenkinsci/saml-plugin/pull/4 to provide a config option that "converts" the returned user id from SAML into a specific case. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Mikhail Tyuzin commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Well, case sensitivity is context of SAML plugin makes sense only when it comes down to RBS. When SAML plugin receives a response, it does several things: 1) Creates local session for the user with ID=Subject from SAML response (original case from SAML is preserved) 2) Updates user name if necessary (original case from SAML is preserved) 3) Creates authorities collection from groups attribute of SAML message if any (original case from SAML is preserved) Then, information from #2 becomes visible on UI as user name, case sensitivity here is ok. As for #1 and #3, this data can be used in RBA and that is where case sensitivity plays negative role because it forces users to write case sensitive user ids and group names. Regarding case sensitivity for SAML data - no, there is no way for SP to tell IdP how to format the data, however most IdPs can control that on their side. But, no matter where/on what side toLower or toUpper is executed for "user id" and "group" attributes, this will not solve original problem. Even if plugin or IdP transform everything to lower case, when user gives some rights in RBS to user "petr_ina...@company.com", this rule simply wan't work whereas requester wanted this rule to be ok. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Brantone commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Well, it can use Role-based strategy ... Authentication (is the user who they say they is), is something like SAML ... whereas Authorization (can the user do what they can) is something like Role-based strategy. At most, SAML might be able to take the response from the end-point and convert it to a specific case and store that, then RBS would have to ensure it's using the same case. Unless anyone knows of a way to tell SAML to respond in a specific case (like via the Idp Metadata), but I have yet to find out how to control that, so I'm working on a new config to specify case. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Mikhail Tyuzin commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Then most probably SAML should also be cases sensitive as it uses Role-Based strategy to enforce security. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Brantone commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin Is this an issue of SAML coming back case-sensitive ... or the authorization strategy doing a case-sensitive comparison? For example Role-Based is case sensitive for matching. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Mikhail Tyuzin commented on JENKINS-29086 Re: User IDs are case sensitive in saml-plugin The same is true for groups in newly added groups support so probably both should be fixed at once. For groups this issue is much more significant. Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] [saml-plugin] (JENKINS-29086) User IDs are case sensitive in saml-plugin
Title: Message Title Artur Mihura updated an issue Jenkins / JENKINS-29086 User IDs are case sensitive in saml-plugin Change By: Artur Mihura Summary: User ID's IDs are case sensitive in saml-plugin Add Comment This message was sent by Atlassian JIRA (v6.4.2#64017-sha1:e244265) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
