I have two Jenkins controllers that desperately need to be upgraded. They currently talk to each other via cURL and, due to their age, they can only use cURL. Installing and/or upgrading Jenkins plugins is not an option (yet; see my postscript).
We prematurely switched one of the controllers to SAML 2.0-based authentication with Okta acting as the identity provider. Our Okta admins created a “service account” with a username and password, and turned off MFA and password expiration with the intent that controller A can simply make a cURL request to controller B with those credentials, but that’s before we realized it’s a multi-step process.
All of the documentation I’ve found, including Okta’s own, ultimately leads to a Stack Overflow post that is considered incomplete. Specifically, we can’t find the SAMLResponse form parameter in any of the pages Jenkins and/or Okta return. (See the SO post comments.)
I suspect what that contributor meant to say is that the SAML protocol expects us to return a certain set of parameters, but Okta actually calls them something other than SAMLResponse, relayState, etc. For example, is SAML’s relayState equivalent to Okta’s fromUri?
Is there a better and more detailed set of instructions out there that is tailored specifically to Okta and is not just a general “this is how you curl SAML SP resources” tutorial?
P.S. It’s a business requirement that these two apps talk to each other before we proceed any further with the Jenkins upgrade, but we are allowed temporary workarounds. That is, I can do cURL today, upgrade Jenkins and then switch things over to OIDC or whatever is a better fit.
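
Added example, not part of the original post: under the SAML 2.0 HTTP-POST binding, the identity provider hands the assertion to the browser as hidden `SAMLResponse` and `RelayState` inputs in an HTML form that JavaScript auto-submits, which cURL will not do on its own. This Python code extracts those fields from a saved page and builds the POST body for the form's action URL; the sample HTML, host names, the `acs-placeholder` path and the function names are constructed for illustration and are not actual Okta or Jenkins output.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import urlencode

class SamlFormParser(HTMLParser):
    """Find the first <form> that carries a SAMLResponse hidden input."""
    def __init__(self):
        super().__init__()
        self.in_form, self.action, self.fields = False, "", {}
        self.result = None  # (action URL, {field name: value})

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form, self.action, self.fields = True, a.get("action") or "", {}
        elif tag == "input" and self.in_form and a.get("name"):
            # html.parser decodes character references (e.g. &#x2b;) in attribute values
            self.fields[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            if self.result is None and "SAMLResponse" in self.fields:
                self.result = (self.action, self.fields)
            self.in_form = False

def extract_saml_post(html):
    """Return (action_url, urlencoded_body) ready to POST to the service provider."""
    parser = SamlFormParser()
    parser.feed(html)
    if parser.result is None:
        raise ValueError("no SAMLResponse form: probably a login or error page")
    action, fields = parser.result
    xml = base64.b64decode(fields["SAMLResponse"], validate=True)
    if b"Response" not in xml:
        raise ValueError("SAMLResponse is not a SAML Response document")
    keep = {k: fields[k] for k in ("SAMLResponse", "RelayState") if k in fields}
    return action, urlencode(keep)

# Constructed sample page (hypothetical hosts and path, entity-encoded values).
SAMPLE_XML = b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>'
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()
SAMPLE_ENC = SAMPLE_B64.replace("+", "&#x2b;").replace("=", "&#x3d;")
SAMPLE_HTML = f"""<html><body onload="document.forms[0].submit()">
<form method="post" action="https://jenkins-b.example/acs-placeholder">
<input type="hidden" name="SAMLResponse" value="{SAMPLE_ENC}"/>
<input type="hidden" name="RelayState" value="https&#x3a;&#x2f;&#x2f;jenkins-b.example&#x2f;job&#x2f;demo"/>
</form></body></html>"""

if __name__ == "__main__":
    url, body = extract_saml_post(SAMPLE_HTML)
    print(url, body[:60] + "...")
```

The returned body can be sent to the returned URL with `curl --data`, reusing the same cookie jar (`-b`/`-c`) across every request in the flow. A `ValueError` here usually means the saved page is a login form rather than the post-authentication page.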