  • The SAML plugin started failing after migrating to version or greater.

  • CloudBees Core is using https.

  • In the log you should see traces resembling:

 INFO    o.p.s.m.SAML2ServiceProviderMetadataResolver#<init>: Using SP entity ID https://<domain>/cjoc/securityRealm/finishLogin


The explanation for this failure is that the CloudBees Core default scheme for the Jenkins location was changed from https to http. The SAML plugin uses the Jenkins location (http) to listen for the answer of the SAML provider, while the provider itself answers using the real scheme (https).

The solution is to make sure the Jenkins location is correct. You can do so by editing the cjoc-configure-jenkins-groovy ConfigMap: kubectl edit configmap cjoc-configure-jenkins-groovy.

In the data section of the ConfigMap, locate the jenkins.model.JenkinsLocationConfiguration.get().setUrl call and make sure it uses https.
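One way to verify the result of the edit, as an added example that is not part of the original article or of CloudBees tooling: a shell function that reads the ConfigMap text on stdin and reports the scheme of each literal URL passed to setUrl. The function name, the sample ConfigMap contents (including the location.groovy key and the example.com host) and the locationUrl variable are constructed for illustration.

```shell
#!/bin/sh
# Added example. Checks every setUrl(...) call found in ConfigMap text on stdin.
# Live use: kubectl get configmap cjoc-configure-jenkins-groovy -o yaml | check_location_scheme
# Exit status: 0 = every literal URL is https
#              1 = at least one literal URL is not https
#              2 = no setUrl call with a literal URL found (review by hand)
check_location_scheme() {
    # Keep only lines containing the call named in the article.
    calls=$(grep -F 'JenkinsLocationConfiguration.get().setUrl(' || true)
    # Extract the quoted argument (single or double quotes).
    urls=$(printf '%s\n' "$calls" |
        sed -n "s/.*setUrl([[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p")
    [ -n "$urls" ] || { echo "no literal setUrl URL found" >&2; return 2; }
    status=0
    for url in $urls; do
        case "$url" in
            https://*) echo "OK   $url" ;;
            *)         echo "FAIL $url (scheme is not https)"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample inputs (not taken from a real cluster).
SAMPLE_HTTP='data:
  location.groovy: |
    jenkins.model.JenkinsLocationConfiguration.get().setUrl("http://cjoc.example.com/cjoc")'

SAMPLE_HTTPS='data:
  location.groovy: |
    jenkins.model.JenkinsLocationConfiguration.get().setUrl("https://cjoc.example.com/cjoc")'

# URL supplied through a variable: the scheme cannot be judged from the text.
SAMPLE_VAR='data:
  location.groovy: |
    jenkins.model.JenkinsLocationConfiguration.get().setUrl(locationUrl)'

# Demo run on the failing sample.
printf '%s\n' "$SAMPLE_HTTP" | check_location_scheme || true
```

An exit status of 2 means the URL is not a literal in the script, so the value has to be checked where it is defined.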

Tested product/plugin versions

  • CloudBees Core version

  • SAML Plugin in the envelope of this version.