jenkinsci / azure-ad-plugin

Authentication and Authorization with Azure AD
https://plugins.jenkins.io/azure-ad/
MIT License

Issuer (iss) claim value doesn't match expected value. #189

Closed b2234913 closed 5 months ago

b2234913 commented 2 years ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.319.3
OS: Linux - 4.15.0-1002-azure-fips
---
ace-editor:1.1
ant:1.13
antisamy-markup-formatter:2.7
apache-httpcomponents-client-4-api:4.5.13-1.0
azure-ad:191.vfc8019068670
azure-sdk:85.v4817a_b_8a_7124
bootstrap4-api:4.6.0-3
bootstrap5-api:5.1.3-4
bouncycastle-api:2.25
branch-api:2.7.0
build-timeout:1.20
caffeine-api:2.9.2-29.v717aac953ff3
checks-api:1.7.2
cloudbees-folder:6.17
command-launcher:1.6
credentials:1074.v60e6c29b_b_44b_
credentials-binding:1.27.1
display-url-api:2.3.5
durable-task:493.v195aefbb0ff2
echarts-api:5.2.2-2
email-ext:2.87
font-awesome-api:6.0.0-1
git:4.10.3
git-client:3.11.0
git-server:1.10
github:1.34.2
github-api:1.301-378.v9807bd746da5
github-branch-source:2.11.4
gradle:1.38
handlebars:3.0.8
jackson2-api:2.13.1-246.va8a9f3eaf46a
javax-activation-api:1.2.0-2
javax-mail-api:1.6.2-5
jaxb:2.3.0.1
jdk-tool:1.5
jjwt-api:0.11.2-9.c8b45b8bb173
jnr-posix-api:3.1.7-1
jquery3-api:3.6.0-2
jsch:0.1.55.2
junit:1.54
ldap:2.7
lockable-resources:2.14
mailer:408.vd726a_1130320
matrix-auth:3.0.1
matrix-project:1.20
momentjs:1.1.1
okhttp-api:4.9.3-105.vb96869f8ac3a
pam-auth:1.7
pipeline-build-step:2.15
pipeline-github-lib:36.v4c01db_ca_ed16
pipeline-graph-analysis:188.v3a01e7973f2c
pipeline-input-step:446.vf27b_0b_83500e
pipeline-milestone-step:100.v60a_03cd446e1
pipeline-model-api:1.9.3
pipeline-model-definition:1.9.3
pipeline-model-extensions:1.9.3
pipeline-rest-api:2.21
pipeline-stage-step:291.vf0a8a7aeeb50
pipeline-stage-tags-metadata:1.9.3
pipeline-stage-view:2.21
plain-credentials:1.8
plugin-util-api:2.13.0
popper-api:1.16.1-2
popper2-api:2.11.2-1
resource-disposer:0.17
scm-api:595.vd5a_df5eb_0e39
script-security:1131.v8b_b_5eda_c328e
snakeyaml-api:1.29.1
ssh-credentials:1.19
ssh-slaves:1.33.0
sshd:3.1.0
structs:308.v852b473a2b8c
timestamper:1.17
token-macro:277.v7c8f82a_d66b_3
trilead-api:1.0.13
workflow-aggregator:2.6
workflow-api:1136.v7f5f1759dc16
workflow-basic-steps:2.24
workflow-cps:2648.va9433432b33c
workflow-cps-global-lib:552.vd9cc05b8a2e1
workflow-durable-task-step:1121.va_65b_d2701486
workflow-job:1145.v7f2433caa07f
workflow-multibranch:706.vd43c65dec013
workflow-scm-step:2.13
workflow-step-api:622.vb_8e7c15b_c95a_
workflow-support:813.vb_d7c3d2984a_0
ws-cleanup:0.40
```

What Operating System are you using (both controller, and any agents involved in the problem)?

NAME="Ubuntu" VERSION="18.04.6 LTS (Bionic Beaver)"

Reproduction steps

  1. Input the Client ID, Client Secret, Tenant and select Azure US Gov L4
  2. After saving the settings, try to log in with a user account of Azure Gov.
  3. The login console will pop up the errors.
  4. We can check the Jenkins logs:
    Additional details: [[12] Issuer (iss) claim value (https://login.microsoftonline.us/00000000-0000-0000-0000-000000000000/v2.0) doesn't match expected value of https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0]
  5. The Issuer is not expected.

Expected Results

The issuer should be the expected one, and login should be successful with a Microsoft account.

Actual Results

The Jenkins login console pops up an unexpected error.

Anything else?

Maybe this line needs to be fixed.

timja commented 2 years ago

Indeed, it looks like there's the problem, nice find :)

wraak commented 6 months ago

I am having this issue, is there a workaround? I had to revert to the local database after this plugin was loaded.
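The mismatch in the log line of the original report can be reproduced outside Jenkins with the following added example, which is not the plugin's code and not part of any comment above: it derives the expected v2.0 issuer from the configured cloud and compares it with the `iss` claim of an ID token. The environment labels `public` and `us-gov`, the function names and the sample token are assumptions constructed for illustration; the payload is decoded without signature verification, which is suitable for diagnosis only.

```python
import base64
import json

# Authority hosts as they appear in the log line of the report. The keys are
# labels chosen for this example, not the plugin's own identifiers.
AUTHORITY_HOSTS = {
    "public": "https://login.microsoftonline.com",
    "us-gov": "https://login.microsoftonline.us",
}


def expected_issuer(environment, tenant_id):
    """Build the v2.0 issuer for the configured cloud and tenant."""
    return f"{AUTHORITY_HOSTS[environment]}/{tenant_id}/v2.0"


def unverified_claims(id_token):
    """Decode the JWT payload for diagnosis only; no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_issuer(id_token, environment, tenant_id):
    """Return (ok, actual, expected); the comparison is exact string equality."""
    actual = unverified_claims(id_token).get("iss")
    expected = expected_issuer(environment, tenant_id)
    return actual == expected, actual, expected


def _constructed_token(claims):
    """Build a sample token with a placeholder signature (constructed input)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"


TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder from the report
SAMPLE = _constructed_token(
    {"iss": f"https://login.microsoftonline.us/{TENANT}/v2.0"})

if __name__ == "__main__":
    for env in AUTHORITY_HOSTS:
        print(env, check_issuer(SAMPLE, env, TENANT))
```

A validator that always builds the expected issuer from the `public` host rejects every token issued by the US Gov authority, which is the failure shown in the Jenkins log.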