Just got Jenkins configured with OpenID Connect but was wondering how it gets userInfoServerUrl. Is it retrieved from IdP metadata (/fss/.well-known/openid-configuration)?
If not, is there anyway to configure it?
The reason I am asking is that when I invoke the user info url manually, I do see token keys but Jenkins complains that the key is not supplied in the payload. The other issue is that it's not reading/populating mail and full name from the payload.
java.lang.Exception: no field 'uid' was suppied in the token payload to be used as the username
at org.kohsuke.stapler.HttpResponses.error(HttpResponses.java:83)
at org.jenkinsci.plugins.oic.OicSecurityRealm$2.onSuccess(OicSecurityRealm.java:206)
at org.jenkinsci.plugins.oic.OicSession.doFinishLogin(OicSession.java:98)
at org.jenkinsci.plugins.oic.OicSecurityRealm.doFinishLogin(OicSecurityRealm.java:294)
at java.lang.invoke.MethodHandle.invokeWithArguments(Unknown Source)
Looks like the option to set userInfoServerUrl will be available in the next release. See github
Related
i try to run wso2 idenitity on IIS server, all work normally but when i try it on server i get wrong signin-callback.
The following is a picture of the callback-uri that I registered with the service provider
registered callback uri like this regexp=(http://localhost:4003/api/oauth2/v2/signin-callback)
what I get next when I try to login using the service provider:
callback url like this https://host/api/oauth2/v2/signin-callback?code=d3d16661-0312-3be1-bebb-5940dd267000&session_state=1331111359c3f5029f733f196037241203bc22c164f7910572d38647c4269a16.6KtgBQ2Z7AIOjVALA6UYdQ
authorize payload when logging in:
payload redirect uri when authorized
Please check the properties file of your service provider and change the value of callBackUrl property to http://localhost:4003/api/oauth2/v2/signin-callback. For example if its pickup-dispatch app[1] hosted in tomcat, you can find the properties file in <TOMCAT_HOME>/webapps/pickup-dispatch/WEB-INF/classes/dispatch.properties file.
If this doesn't solve your issue, please provide any error logs printed and the SP properties file for further analysis.
[1] https://is.docs.wso2.com/en/latest/guides/login/sso-for-oidc/#pickup-dispatch_1
I am trying to set up the "Extended E-mail Notification" in jenkins. My plugin version is 2.89
However in the setup i dont see the SMTP Authentication checkbox, instead it just has this credentials tab. Credentials
I tried to use my office365 credentials but it is just using the jenkins user for some reason.
Error message
Does anyone know how to set up the plugin?
I want to upload attachments to a page in Confluence in a post build action using a pipeline job.
I downloaded the Confluence Publisher plugin. Im trying to use my email id as username and API Token as password to test login. (tried with both http and https)
Keeps giving Authentication Error (401)
I tried from postman with same token and username (Auth method as API Authentication). Works like a charm.
What am I doing wrong?
Had the same problem here with version 0.12.0.
Problem is fixed for me with changing to version 0.17.1
I'm using https://github.com/jenkinsci/ghprb-plugin plugin for my Jenkins to initiate job build when pull request is raised.
I'm getting below error
"Unable to connect to GitHub API: org.kohsuke.github.HttpException: {"message":"Requires authentication","documentation_url":"https://docs.github.com/rest/reference/users#get-the-authenticated-user"}"
Tried with multiple user on 2 different Jenkins, issue remains same.
Right now you are using github username and password. But you need to use github access token instead of password for authentication. You can create an access token from settings -> Developer Settings -> Personal Access tokens -> Generate new token.
I read the Google Oauth2 documentation and it seems that I can send a login_hint parameter as part of the authorization request, similar to specifying access_type.
I am using an offline access_type for a web server application (Rails application).
I tried setting the parameter on the Client's authorization object as well as passing it as an option when initializing the client but it never auto-fills the login box nor is sent as a query parameter.
All I'm trying to do is, if the user is logged in to Gmail already with a different account then they should be prompted to login / select a different account (which is specified in the login_hint).
I got it working by setting the login_hint parameter using the additional_parameters hash which is available on Signet::OAuth2::Client.
Basically, doing the following:
client = Google::APIClient.new(application_name: 'test application', application_version: '0.0.1')
client.authorization.additional_parameters[:login_hint] = 'some_address#gmail.com'
If you get an error about additional_parameters not being defined then make sure you are using a recent version of the signet gem or use the latest from the master branch.