I already posted the question on the Jenkins SAML GitHub repo, but I am not sure where the exact cause of the issue is - https://github.com/connectifier/jenkins-saml-plugin/issues/9.
Any help is appreciated.
Auth0 Configuration
- Created an app "Jenkins"
- Under Jenkins app > Settings, the field "Allowed Callback URLs = http://52.34.126.192:8080/securityRealm/finishLogin" (I am using AWS, so that IP might change)
- Scroll down by clicking "Advanced Settings". Under Endpoints > SAML, copied the URL "SAML metadata URL" and pasted it in the browser. It downloaded an XML file. We will use this later on the Jenkins side
- Had an Auth0 user "[email protected]" with connection "username-password-Authentication" database
I expect that after integration, I should be able to log in to Jenkins with "[email protected]"
Jenkins Config
- Installed SAML plugin - https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin
- Enabled global security, then SAML, pasted the above XML file (step 3 above) into the field "IdP MetaData", selected the "Role based strategy" radio button and hit save
- No effect will be observed now as it is mentioned in SAML plugin that Anonymous has to be disabled before seeing changes.
- Go to Manage and Assign roles, and then uncheck any box for anonymous (since if Anonymous is enabled, then auth will be bypassed)
- As soon as you hit save, you will be redirected to the Auth0 Login page (you can customize the login page on auth0, for now I went with defaults)
- Now I log in with the Auth0 user that I created in the Auth0 config
I get the error below
LOGS
On the Auth0 side, the logs say that the user successfully logged in
Any help or thoughts are highly appreciated. Since the Auth0 login says successful, I am posting this here instead of in Auth0 bugs.
This error seems to occur when you do not explicitly set the audience setting in the Auth0 SAML2 AddOn to the callback URL.
Setting it explicitly fixed the issue for me.
My guess: it is somehow related to the fact that the plugin uses a rather dated version of the pac4j libraries.
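One way to check the audience value discussed in the answer above, as an added example that is not part of the original posts or of the plugin's code: it decodes a captured base64 `SAMLResponse` and compares its `<Audience>` with the callback URL from the question. The function names, the sample response and the `urn:example:placeholder-audience` value are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Callback URL as given in the question's "Allowed Callback URLs" field.
CALLBACK = "http://52.34.126.192:8080/securityRealm/finishLogin"


def audience_report(saml_response_b64, expected_audience):
    """Summarise where a SAML response is addressed.

    Diagnostic only: the signature is NOT verified, so never use this
    output to make an authentication decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    audiences = [a.text.strip() for a in root.iterfind(
        ".//saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        if a.text]
    recipients = [c.get("Recipient") for c in root.iterfind(
        ".//saml:SubjectConfirmationData", NS) if c.get("Recipient")]
    return {"audiences": audiences,
            "recipients": recipients,
            "destination": root.get("Destination"),
            "audience_ok": expected_audience in audiences}


def sample_response(audience):
    """Build a minimal, unsigned, constructed SAML response for testing."""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" Destination="{CALLBACK}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{CALLBACK}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    for aud in ("urn:example:placeholder-audience", CALLBACK):
        print(audience_report(sample_response(aud), CALLBACK))
```

To use it on a real login attempt, pass the `SAMLResponse` form field captured from the browser's POST in place of `sample_response(...)`.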