Jenkins does not process AD groups via SAML Plugin

lukas · September 6, 2024, 7:41am

Hi,
i have the following problem:
We’re using the SAML Plugin to login users via SSO. The SSO Token is correct and provides AD groups, UserID, username and so on. It works fine for our team members, which are assigned to a global admin role.
For other users this does not work. When they click on their profile, there are no groups listed, and they can’t see anything in Jenkins. Their User-ID and username, provided via SAML, are displayed correctly though. The groups are correctly displayed when i look at https://.com/user/
We’re using Role Based authorization, with Global and Item roles. These roles are assigned to the active directory groups in Jenkins.
I hope anybody has an idea to help with this issue.

Jenkins Version: 2.462.1
SAML Plugin Version: 4.464.vea_cb_75d7f5e0 (SAML)

poddingue · September 10, 2024, 9:37am

Hello @lukas,

Could it be that your SAML groups aren’t correctly mapped to the Jenkins roles for non-admin users?

lukas · September 12, 2024, 11:28am

The roles should be mapped correctly. I have assigned myself a developer group, and it is displayed in my Jenkins user profile. The same group is not shown, when a developer opens his profile.

Topic		Replies	Views
Group name is not visible in Jenkins for SAML with AzureAD Using Jenkins	2	989	June 13, 2024
Parsing SAML Group Attribute in Jenkins for Project-Based Matrix Authorization Ask a question	0	223	April 13, 2024
Introducing the Jenkins SAML SSO plugin - Simplifying Authentication for Jenkins Users Showing Off	0	4058	February 8, 2023
Switching from local user database to SAML login Using Jenkins question	0	775	January 21, 2022
Authorization - AAD matrix-based security issue Ask a question question , events	0	481	January 30, 2022

Jenkins does not process AD groups via SAML Plugin

Related topics