Hi,
i have the following problem:
We’re using the SAML Plugin to login users via SSO. The SSO Token is correct and provides AD groups, UserID, username and so on. It works fine for our team members, which are assigned to a global admin role.
For other users this does not work. When they click on their profile, there are no groups listed, and they can’t see anything in Jenkins. Their User-ID and username, provided via SAML, are displayed correctly though. The groups are correctly displayed when i look at https://.com/user/
We’re using Role Based authorization, with Global and Item roles. These roles are assigned to the active directory groups in Jenkins.
I hope anybody has an idea to help with this issue.
The roles should be mapped correctly. I have assigned myself a developer group, and it is displayed in my Jenkins user profile. The same group is not shown, when a developer opens his profile.
Ran into a simlar issue. Ours turned out to be the groups were being returned from SAML as the full DN. If you have a similar issue, go check an example user and see what groups are being returned by your SAML provider and make sure your Jenkins groups match verbatim.
Side note, from what I see on our deployments, users can’t see their groups in Jenkins, only the admins can see the users groups.