Issue
- The SAML plugin started failing after migrating to version 2.176.4.3 or greater.
- CloudBees Core is using
https
. - In the log you should see traces resembling:
INFO o.p.s.m.SAML2ServiceProviderMetadataResolver#<init>: Using SP entity ID https://<domain>/cjoc/securityRealm/finishLogin
Environment
- CloudBees CI (CloudBees Core)
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
- SAML Plugin
Resolution
The explanation for this failure is that the CloudBees Core default scheme for the Jenkins location was changed from https
to http
.
The SAML plugin is using the Jenkins location (http
) to listen for the answer of the SAML provider, which itself answers use the real scheme (https
).
The solution is to make sure the Jenkins location is correct.
You can do so by editing the cjoc-configure-jenkins-groovy
ConfigMap
: kubectl edit configmap cjoc-configure-jenkins-groovy
.
In the data section of the ConfigMap
locate the jenkins.model.JenkinsLocationConfiguration.get().setUrl
call and make sure it uses https
.
Tested product/plugin versions
- CloudBees Core version
2.176.4.3
- SAML Plugin in the envelope of this version.
0 Comments