Note

It is much easier to configure the SAML plugin for Jenkins using the Configuration-as-Code Jenkins plugin. Configuration would be something like this:

jenkins:
  securityRealm:
    saml:
      binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      displayNameAttributeName: "urn:oid:2.16.840.1.113730.3.1.241"
      emailAttributeName: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
      encryptionData:
        # forceSignRedirectBindingAuthnRequest:
        #   true, for production Shibboleth
        #   false, for test Shibboleth
        forceSignRedirectBindingAuthnRequest: false
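        # "changeit" is a placeholder. JCasC resolves ${VAR} references,
        # so the real passwords need not be stored in this file.
        keystorePassword: changeit
        keystorePath: "/var/jenkins_home/saml-key.jks"
        privateKeyAlias: "saml-key"
        privateKeyPassword: changeit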
        # wantsAssertionsSigned:
        #   Does production Shibboleth want true or false?
        #   Test Shibboleth wants false
        wantsAssertionsSigned: false 
      groupsAttributeName: "urn:oid:1.3.6.1.4.1.5923.1.5.1.1"
      idpMetadataConfiguration:
        period: 1440
        url: "https://shibidp.cit.cornell.edu/idp/shibboleth"
        # url: "https://shibidp-test.cit.cornell.edu/idp/shibboleth"  
      maximumAuthenticationLifetime: 86400
      usernameAttributeName: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
      usernameCaseConversion: "none"
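
A pre-deployment check for a file like the one above, as an added example (not part of the original page or of the SAML plugin): it flags literal keystore passwords and signing settings that disagree with the comments in the configuration. The `${SAML_KEY_PASSWORD}` variable name and the rule that any host other than `shibidp-test` counts as production are assumptions.

```python
import re

# Constructed sample: the page's saml block cut down to the keys audited,
# with one password switched to a JCasC ${...} reference (hypothetical name).
SAMPLE = """\
jenkins:
  securityRealm:
    saml:
      encryptionData:
        forceSignRedirectBindingAuthnRequest: false
        keystorePassword: changeit
        privateKeyPassword: "${SAML_KEY_PASSWORD}"
        wantsAssertionsSigned: false
      idpMetadataConfiguration:
        url: "https://shibidp.cit.cornell.edu/idp/shibboleth"
"""

LEAF = re.compile(r"^\s*(\w+):\s+(\S.*?)\s*$")   # "key: value" leaf lines only
SECRET_REF = re.compile(r"^\$\{[^}]+\}$")        # JCasC variable substitution
SECRET_KEYS = ("keystorePassword", "privateKeyPassword")

def settings(text):
    """Return {key: value} for leaf lines, quotes stripped; comments never match."""
    found = {}
    for line in text.splitlines():
        match = LEAF.match(line)
        if match:
            found[match.group(1)] = match.group(2).strip("\"'")
    return found

def audit(text):
    """Return the keys that need review before this file is deployed."""
    cfg, flagged = settings(text), []
    for key in SECRET_KEYS:
        if key in cfg and not SECRET_REF.match(cfg[key]):
            flagged.append(key)                  # literal secret in the file
    url = cfg.get("url", "")
    if not url.startswith("https://"):
        flagged.append("url")                    # metadata fetched without TLS
    # Page comments: forceSignRedirectBindingAuthnRequest is true for production
    # Shibboleth, false for test. Assumption: non-test hosts are production.
    production = "shibidp-test." not in url
    if production and cfg.get("forceSignRedirectBindingAuthnRequest") != "true":
        flagged.append("forceSignRedirectBindingAuthnRequest")
    if cfg.get("wantsAssertionsSigned") != "true":
        flagged.append("wantsAssertionsSigned")  # page leaves production value open
    return flagged

if __name__ == "__main__":
    print(audit(SAMPLE))
```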



Info

These instructions have been validated against Jenkins version 2.289.3 and SAML Plugin version 2.0.7. 

Be aware that our experience indicates a change in behavior between SAML Plugin version 1.x and 2.x. The Jenkins SAML integration broke when updating the SAML Plugin from version 1.x to 2.x if the configuration wasn't updated.

...