JCasC - configure a hudson.security.SecurityRealm

[Roxbip]

Im trying to configure Jenkins helm chart of jenkinsci with JCasC.

this is part of my value.yml

  JCasC:
    defaultConfig: true
    securityRealm: |-
      saml:
        binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        emailAttributeName: "email"
        groupsAttributeName: "group"
        idpMetadataConfiguration:
          url: ""
          period: 0
      maximumAuthenticationLifetime: 2073600
      usernameAttributeName: "username"
      usernameCaseConversion: "none"

Im not sure what im doing wrong but im getting this error from jenkins:

java.lang.IllegalArgumentException: Single entry map expected to configure a hudson.security.SecurityRealm
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configureMapping(HeteroDescribableConfigurator.java:291)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.preConfigure(HeteroDescribableConfigurator.java:273)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.configure(HeteroDescribableConfigurator.java:83)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:92)
    at io.jenkins.plugins.casc.impl.configurators.HeteroDescribableConfigurator.check(HeteroDescribableConfigurator.java:55)
    at io.jenkins.plugins.casc.BaseConfigurator.configure(BaseConfigurator.java:360)
    at io.jenkins.plugins.casc.BaseConfigurator.check(BaseConfigurator.java:293)
    at io.jenkins.plugins.casc.ConfigurationAsCode.lambda$checkWith$9(ConfigurationAsCode.java:803)
    at io.jenkins.plugins.casc.ConfigurationAsCode.invokeWith(ConfigurationAsCode.java:737)
    at io.jenkins.plugins.casc.ConfigurationAsCode.checkWith(ConfigurationAsCode.java:803)
    at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:789)
    at io.jenkins.plugins.casc.ConfigurationAsCode.configureWith(ConfigurationAsCode.java:658)
    at io.jenkins.plugins.casc.ConfigurationAsCode.configure(ConfigurationAsCode.java:315)
    at io.jenkins.plugins.casc.ConfigurationAsCode.init(ConfigurationAsCode.java:307)
Caused: java.lang.reflect.InvocationTargetException
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:109)
Caused: java.lang.Error
    at hudson.init.TaskMethodFinder.invoke(TaskMethodFinder.java:115)
    at hudson.init.TaskMethodFinder$TaskImpl.run(TaskMethodFinder.java:185)
    at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
    at jenkins.model.Jenkins$5.runTask(Jenkins.java:1166)
    at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
    at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
    at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
    at java.base/java.lang.Thread.run(Thread.java:833)
Caused: org.jvnet.hudson.reactor.ReactorException
    at org.jvnet.hudson.reactor.Reactor.execute(Reactor.java:290)
    at jenkins.InitReactorRunner.run(InitReactorRunner.java:49)
    at jenkins.model.Jenkins.executeReactor(Jenkins.java:1201)
    at jenkins.model.Jenkins.<init>(Jenkins.java:989)
    at hudson.model.Hudson.<init>(Hudson.java:86)
    at hudson.model.Hudson.<init>(Hudson.java:82)
    at hudson.WebAppMain$3.run(WebAppMain.java:247)
Caused: hudson.util.HudsonFailedToLoad
    at hudson.WebAppMain$3.run(WebAppMain.java:264)

I tried couple of changes but nothing is working.

anyone encounter an issue like this?

I did configure everything manually and its working fine but with JCasC it doesnt

[drewwaranissonos]

I'm seeing the exact same issue.

Out of curiosity, do you have JCasC.defaultConfig explicitly set to true or false? (It is set to true by default.)

I ask because I have the same issue if I don't set JCasC.defaultConfig to false.
We recently upgraded our Jenkins helm chart, so doing a quick test I found this is am issue on both 4.2.17 and 4.8.2.

Another note: I have OverrideMergeStrategy set to override and override other JCasC configs, but this is the only place this error occurs.

[drewwaranissonos]

Oh, this is the JCasC repo.

@Roxbip: I believe JCasC.defaultConfig: true value is used by https://github.com/jenkinsci/helm-charts in its wrapper of JCasC configuration.

[Roxbip]

@drewwaranissonos JCasC.defaultConfig is there because I set it to false at first but it didn't help too.

When I tried to go with default config everything is working fine, but when i change JCasC.securityRealm to saml it doesn't work. I think there is a problem with saml yaml maybe.

Did you try something else then saml?

[CptPlastic]

I have this same issue everything else seems to apply ok but saml config is not

[timja]

In the example given in the issue:

      maximumAuthenticationLifetime: 2073600
      usernameAttributeName: "username"
      usernameCaseConversion: "none"
``

isn't indented under saml so will be causing an issue.

Not sure if others are doing similar?