Re: Jenkins with Saml 2.0 SSO Authentication

2015-02-19 Thread John Burrows 
 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
at 
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
at 
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
at 
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
at 
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
at 
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
at 
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
at org.eclipse.jetty.server.Server.handle(Server.java:370)
at 
org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
at 
org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
at 
org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at 
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.pac4j.saml.exceptions.SamlException: Error decoding saml message
at 
org.pac4j.saml.sso.Saml2WebSSOProfileHandler.receiveMessage(Saml2WebSSOProfileHandler.java:121)
at 
org.pac4j.saml.client.Saml2Client.retrieveCredentials(Saml2Client.java:315)
at 
org.pac4j.saml.client.Saml2Client.retrieveCredentials(Saml2Client.java:95)
at org.pac4j.core.client.BaseClient.getCredentials(BaseClient.java:211)
at 
org.jenkinsci.plugins.saml.SamlSecurityRealm.doFinishLogin(SamlSecurityRealm.java:135)
... 73 more
Caused by: org.opensaml.ws.message.decoder.MessageDecodingException:
This message deocoder only supports the HTTP POST method
at 
org.opensaml.saml2.binding.decoding.HTTPPostDecoder.doDecode(HTTPPostDecoder.java:83)
at 
org.opensaml.ws.message.decoder.BaseMessageDecoder.decode(BaseMessageDecoder.java:78)
at 
org.opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder.decode(BaseSAML2MessageDecoder.java:70)
at 
org.pac4j.saml.sso.Saml2WebSSOProfileHandler.receiveMessage(Saml2WebSSOProfileHandler.java:119)
... 77 more



---

John Burrows

Supervisor Software Engineering, USA

SCM: AD Common Services <https://sites.google.com/a/aciworldwide.com/scm/>

T + 1 704 423 2531 / M + 1 864 490 1091

*Vacation Alert :*

*Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*


ACI Worldwide
www.aciworldwide.com
<http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>


On Wed, Feb 18, 2015 at 5:39 PM, Ben McCann  wrote:

> Btw, please let me know if you get it working! I'd love to update the docs
> with regards to anything that may be confusing.
>
> Thanks,
> Ben
>
>
> On Wed, Feb 18, 2015 at 2:38 PM, Ben McCann  wrote:
>
>> Hi John,
>>
>> Someone else recently reported a problem with a URL that they tracked
>> down to a misconfiguration. Are you having the problem described here?
>> https://github.com/connectifier/jenkins-saml-plugin/issues/4
>>
>> -Ben
>>
>>
>>
>> On Wed, Feb 18, 2015 at 8:09 AM, John Burrows <
>> john.burr...@aciworldwide.com> wrote:
>>
>>> Hi Ben,
>>>
>>> Thank you for your help, I have been trying to get the SAML plugin
>>> working with our Ping federated server and have been unsuccessful.
>>>
>>> Here is what is happening:
>>>
>>>
>>> Jenkins v 1.597 SAML plugin v 0.3
>>>
>>> We are using an internal PingFederated server and I have entered the xml
>>> metedata contents into the Security configuration of Jenkins.
>>>
>>> I have tried on two servers, one set up HTTPS (SSL) and one just HTTP.
>>>
>>> We get errors when trying to login using SSO that pertain to the
>>> *https://servername/securityRealm/finishLogin*
>>> <https://servername/securityRealm/finishLogin> redirect and the same
>>> for non-

Re: Jenkins with Saml 2.0 SSO Authentication

2015-02-18 Thread John Burrows 
Hi Ben,
 
Thank you for your help, I have been trying to get the SAML plugin working 
with our Ping federated server and have been unsuccessful.
 
Here is what is happening:
 

Jenkins v 1.597 SAML plugin v 0.3

We are using an internal PingFederated server and I have entered the xml 
metedata contents into the Security configuration of Jenkins.

I have tried on two servers, one set up HTTPS (SSL) and one just HTTP.

We get errors when trying to login using SSO that pertain to the 
*https://servername/securityRealm/finishLogin* 
<https://servername/securityRealm/finishLogin> redirect and the same for 
non-SSL server.

We are stumped on what to check here, the PingFederated administrator has 
it set for the postback to the securityRealm/finishLogin URL, which is what 
is in the code for the plugin, we just are not sure how to proceed. 

The contents of the xml metadata:

http://www.w3.org/2000/09/xmldsig#";>   
CERTIFICATECODE HERE 
   
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
https://SSOSERVERNAME/idp/SSO.saml2"/>https://SSOSERVERNAME/idp/SSO.saml2"/>https://SSOSERVERNAME/idp/SSO.saml2"/>https://SSOSERVERNAME/idp/SSO.saml2";
/>COMPANYNAME


Any suggestions or hlep would be greatly appreciated.

Thanks,

John
 

On Friday, January 23, 2015 at 11:51:07 AM UTC-5, Ben McCann wrote:

> Yes, all the contents of the xml file
>
> On Fri, Jan 23, 2015 at 8:29 AM, John Burrows  > wrote:
>
>> Or is it just all the contents of the xml file?
>>
>> Thanks,
>> John
>>
>> ---
>>
>> John Burrows
>>
>> Supervisor Software Engineering, USA
>>
>> SCM: AD Common Services 
>> <https://sites.google.com/a/aciworldwide.com/scm/>
>>
>> T + 1 704 423 2531 / M + 1 864 490 1091
>>
>> *Vacation Alert :*
>>
>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*
>>
>>
>> ACI Worldwide 
>> www.aciworldwide.com 
>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
>> ---
>>
>> For *AD Common Services: Infrastructure Services* support contact:
>>  Jeni Jones >
>> For *AD Common Services:* *ARLM *support email:
>>  grp-arlm...@aciworldwide.com 
>> For *AD Common Services: **SCM *support refer to the Google Site:
>> * SCM Contact/Request Information 
>> <https://sites.google.com/a/aciworldwide.com/scm/contact>*
>> For *AD Common Services: **Security* or *AD Tools* support contact:
>>  Andie Srivastava >
>>
>>
>> On Fri, Jan 23, 2015 at 11:27 AM, John Burrows <
>> john.b...@aciworldwide.com > wrote:
>>
>>> Ben,
>>>
>>> Thanks for the quick response, maybe I wasnt clear, but what I am 
>>> asking, is what info goes into that field and in what format?
>>>
>>> Can you send me an example?
>>>
>>> Thanks,
>>> John
>>>
>>> ---
>>>
>>> John Burrows
>>>
>>> Supervisor Software Engineering, USA
>>>
>>> SCM: AD Common Services 
>>> <https://sites.google.com/a/aciworldwide.com/scm/>
>>>
>>> T + 1 704 423 2531 / M + 1 864 490 1091
>>>
>>> *Vacation Alert :*
>>>
>>> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*
>>>
>>>
>>> ACI Worldwide 
>>> www.aciworldwide.com 
>>> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
>>> ---
>>>
>>> For *AD Common Services: Infrastructure Services* support contact:
>>>  Jeni Jones >
>>> For *AD Common Services:* *ARLM *support email:
>>>  grp-arlm...@aciworldwide.com 
>>> For *AD Common Services: **SCM *support refer to the Google Site:
>>> * SCM Contact/Request Information 
>>> <https://sites.google.com/a/aciworldwide.com/scm/contact>*
>>> For *AD Common Services: **Security* or *AD Tools* support contact:
>>>  Andie Srivastava >
>>>
>>>
>>> On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann >> > wrote:
>>>
>>>> Hey John,
>>>>
>>>> Ping should be able to give you a metadata file which contains all the 
>>>> configuration information you need. We set it up this way, so that you 
>>>> only 
>>>> have enter a single field instead of a few different fields.
>>>>
>>>> I haven't used Ping specifically before, but found these docs, which

Re: Jenkins with Saml 2.0 SSO Authentication

2015-01-23 Thread John Burrows 
Or is it just all the contents of the xml file?

Thanks,
John

---

John Burrows

Supervisor Software Engineering, USA

SCM: AD Common Services <https://sites.google.com/a/aciworldwide.com/scm/>

T + 1 704 423 2531 / M + 1 864 490 1091

*Vacation Alert :*

*Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*


ACI Worldwide
www.aciworldwide.com
<http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
---

For *AD Common Services: Infrastructure Services* support contact:
 Jeni Jones 
For *AD Common Services:* *ARLM *support email:
 grp-arlm-supp...@aciworldwide.com
For *AD Common Services: **SCM *support refer to the Google Site:
* SCM Contact/Request Information
<https://sites.google.com/a/aciworldwide.com/scm/contact>*
For *AD Common Services: **Security* or *AD Tools* support contact:
 Andie Srivastava 


On Fri, Jan 23, 2015 at 11:27 AM, John Burrows <
john.burr...@aciworldwide.com> wrote:

> Ben,
>
> Thanks for the quick response, maybe I wasnt clear, but what I am asking,
> is what info goes into that field and in what format?
>
> Can you send me an example?
>
> Thanks,
> John
>
> ---
>
> John Burrows
>
> Supervisor Software Engineering, USA
>
> SCM: AD Common Services <https://sites.google.com/a/aciworldwide.com/scm/>
>
> T + 1 704 423 2531 / M + 1 864 490 1091
>
> *Vacation Alert :*
>
> *Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*
>
>
> ACI Worldwide
> www.aciworldwide.com
> <http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
> ---
>
> For *AD Common Services: Infrastructure Services* support contact:
>  Jeni Jones 
> For *AD Common Services:* *ARLM *support email:
>  grp-arlm-supp...@aciworldwide.com
> For *AD Common Services: **SCM *support refer to the Google Site:
> * SCM Contact/Request Information
> <https://sites.google.com/a/aciworldwide.com/scm/contact>*
> For *AD Common Services: **Security* or *AD Tools* support contact:
>  Andie Srivastava 
>
>
> On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann  wrote:
>
>> Hey John,
>>
>> Ping should be able to give you a metadata file which contains all the
>> configuration information you need. We set it up this way, so that you only
>> have enter a single field instead of a few different fields.
>>
>> I haven't used Ping specifically before, but found these docs, which may
>> help you if this is the right Ping product:
>> http://documentation.pingidentity.com/display/PF66/Exporting+Metadata
>>
>> -Ben
>>
>>
>> On Fri, Jan 23, 2015 at 2:30 AM, John Burrows <
>> john.burr...@aciworldwide.com> wrote:
>>
>>> Ben,
>>>
>>> I am trying to get the SAML plugin to work, but the configuration in
>>> Security is confusing.
>>>
>>> All I see when clicking SAML in the security configuration is:
>>>
>>>
>>> <https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/CC8/DTB_uw1_HP0/s1600/SAML.jpg>
>>>
>>> Any ideas or help on how to properly configure it?
>>>
>>> We use an internal Ping Federated server for SSO authentication.
>>>
>>> Thanks
>>>
>>> John
>>>
>>>
>>> On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote:
>>>>
>>>> I've created a SAML 2.0 plugin for Jenkins
>>>> https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
>>>>
>>>>
>>>> On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote:
>>>>>
>>>>> Hey there,
>>>>>
>>>>> I'm looking for a jenkins plugin to enable sso authetication using
>>>>> shibboleth2.
>>>>> Is there such a thing? I can only find the  CAS Plugin
>>>>> <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin>   that only
>>>>> goes up
>>>>> to saml 1.1.
>>>>>
>>>>> Cheers
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> View this message in context: http://jenkins-ci.361315.n4.
>>>>> nabble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html
>>>>> Sent from the Jenkins users mailing list archive at Nabble.com.
>>>>>
>>>>
>>>  <http://www.aciworldwide.com>
>>>
>>> This email message and any attachments may contain co

Re: Jenkins with Saml 2.0 SSO Authentication

2015-01-23 Thread John Burrows 
Ben,

Thanks for the quick response, maybe I wasnt clear, but what I am asking,
is what info goes into that field and in what format?

Can you send me an example?

Thanks,
John

---

John Burrows

Supervisor Software Engineering, USA

SCM: AD Common Services <https://sites.google.com/a/aciworldwide.com/scm/>

T + 1 704 423 2531 / M + 1 864 490 1091

*Vacation Alert :*

*Feb 27 / **Mar 30-Apr 2 / Jun 29-Jul 2*


ACI Worldwide
www.aciworldwide.com
<http://www.google.com/url?q=http%3A%2F%2Fwww.aciworldwide.com%2F&sa=D&sntz=1&usg=AFrqEzfhJz2nwfsTXrBW8qgAxUBxy4eJuw>
---

For *AD Common Services: Infrastructure Services* support contact:
 Jeni Jones 
For *AD Common Services:* *ARLM *support email:
 grp-arlm-supp...@aciworldwide.com
For *AD Common Services: **SCM *support refer to the Google Site:
* SCM Contact/Request Information
<https://sites.google.com/a/aciworldwide.com/scm/contact>*
For *AD Common Services: **Security* or *AD Tools* support contact:
 Andie Srivastava 


On Fri, Jan 23, 2015 at 11:10 AM, Ben McCann  wrote:

> Hey John,
>
> Ping should be able to give you a metadata file which contains all the
> configuration information you need. We set it up this way, so that you only
> have enter a single field instead of a few different fields.
>
> I haven't used Ping specifically before, but found these docs, which may
> help you if this is the right Ping product:
> http://documentation.pingidentity.com/display/PF66/Exporting+Metadata
>
> -Ben
>
>
> On Fri, Jan 23, 2015 at 2:30 AM, John Burrows <
> john.burr...@aciworldwide.com> wrote:
>
>> Ben,
>>
>> I am trying to get the SAML plugin to work, but the configuration in
>> Security is confusing.
>>
>> All I see when clicking SAML in the security configuration is:
>>
>>
>> <https://lh4.googleusercontent.com/-TX1s_WUN4zg/VMIihJA5fpI/CC8/DTB_uw1_HP0/s1600/SAML.jpg>
>>
>> Any ideas or help on how to properly configure it?
>>
>> We use an internal Ping Federated server for SSO authentication.
>>
>> Thanks
>>
>> John
>>
>>
>> On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote:
>>>
>>> I've created a SAML 2.0 plugin for Jenkins
>>> https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
>>>
>>>
>>> On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote:
>>>>
>>>> Hey there,
>>>>
>>>> I'm looking for a jenkins plugin to enable sso authetication using
>>>> shibboleth2.
>>>> Is there such a thing? I can only find the  CAS Plugin
>>>> <https://wiki.jenkins-ci.org/display/JENKINS/CAS+Plugin>   that only
>>>> goes up
>>>> to saml 1.1.
>>>>
>>>> Cheers
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context: http://jenkins-ci.361315.n4.
>>>> nabble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html
>>>> Sent from the Jenkins users mailing list archive at Nabble.com.
>>>>
>>>
>>  <http://www.aciworldwide.com>
>>
>> This email message and any attachments may contain confidential,
>> proprietary or non-public information. The information is intended solely
>> for the designated recipient(s). If an addressing or transmission error has
>> misdirected this email, please notify the sender immediately and destroy
>> this email. Any review, dissemination, use or reliance upon this
>> information by unintended recipients is prohibited. Any opinions expressed
>> in this email are those of the author personally.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "Jenkins Users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/jenkinsci-users/L_5ACUwtJpM/unsubscribe
>> .
>> To unsubscribe from this group and all its topics, send an email to
>> jenkinsci-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com
>> <https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> about.me/benmccann
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Jenkin

Re: Jenkins with Saml 2.0 SSO Authentication

2015-01-23 Thread John Burrows 
Ben,

I am trying to get the SAML plugin to work, but the configuration in 
Security is confusing.

All I see when clicking SAML in the security configuration is:



Any ideas or help on how to properly configure it?

We use an internal Ping Federated server for SSO authentication.

Thanks

John


On Sunday, August 17, 2014 at 12:18:55 AM UTC-4, Ben McCann wrote:
>
> I've created a SAML 2.0 plugin for Jenkins
> https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
>
>
> On Tuesday, January 21, 2014 5:39:21 AM UTC-8, St. Georgiou wrote:
>>
>> Hey there, 
>>
>> I'm looking for a jenkins plugin to enable sso authetication using 
>> shibboleth2. 
>> Is there such a thing? I can only find the  CAS Plugin 
>>    that only 
>> goes up 
>> to saml 1.1. 
>>
>> Cheers 
>>
>>
>>
>> -- 
>> View this message in context: 
>> http://jenkins-ci.361315.n4.nabble.com/Jenkins-with-Saml-2-0-SSO-Authentication-tp4687801.html
>>  
>> Sent from the Jenkins users mailing list archive at Nabble.com. 
>>
>
-- 
 

This email message and any attachments may contain confidential, 
proprietary or non-public information. The information is intended solely 
for the designated recipient(s). If an addressing or transmission error has 
misdirected this email, please notify the sender immediately and destroy 
this email. Any review, dissemination, use or reliance upon this 
information by unintended recipients is prohibited. Any opinions expressed 
in this email are those of the author personally.

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/5a68a1a6-220c-4b6c-8035-7172d87ae000%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.