无法 SSO 登录 Jenkins SAML 2.0 ADFS 集成

Question

We are able to login to Jenkins using SSO from the past one year without any issues.

Today, however the SSO failed for the entire team and no one can login anymore.

After providing the SSO AD credentials we are thrown to the SAMLLougout page.

Upon investigation the ADFS team informed that one of the certificates from Jenkins has expired. The sanpshot of the expired certificate as shared by the ADFS team for our Jenkins is below:

We have never created this certificate nor do we have any idea about it. Is this something that comes default with the SAML plugin or the Jenkins product? Please let me know.

Now, that we are not able to login to Jenkins how do we go about fixing the issue and updating the certificate?

I'm using the latest version of the standalone Jenkins war.

Any help guidance would be appreciated.

Answer 1

You need to remove certificates from JENKINS_HOME and restart jenkins service. Jenkins will generate new certificates:

• Delete the following file from JENKINS_HOME: saml-jenkins-keystore.jks saml-jenkins-keystore.xml jenkins.cer.
• Restart Jenkins.
• Access JENKINS via web inteface. This will generate new saml-jenkins-keystore.jks saml-jenkins-keystore.xml
• Generate jenkins.cer using the new jks keytool -export -alias saml-generated-keypair -keystore saml-jenkins-keystore.jks -rfc -file jenkins.cer
• Give this new jenkins.cer to ADFS Team which they will import and this will resolve the issue.

You can move these files to /home/ folder to restore them if everything will go wrong.