jenkinsci/azure-ad-plugin

Azure Active Directory Matrix-based security "we didn't find any matches"

Closed this issue · 2 comments

Jenkins and plugins versions report

Environment
Jenkins: 2.387.2
OS: Windows Server 2016 - 10.0
Java: 11.0.6 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)
---
Office-365-Connector:4.18.0
ace-editor:1.1
active-directory:2.30
ant:481.v7b_09e538fcca
antisamy-markup-formatter:159.v25b_c67cd35fb_
apache-httpcomponents-client-4-api:4.5.14-150.v7a_b_9d17134a_5
authentication-tokens:1.53.v1c90fd9191a_b_
azure-ad:340.vdef002cf6415
azure-commons:1.1.3
azure-sdk:132.v62b_48eb_6f32f
bootstrap4-api:4.6.0-5
bootstrap5-api:5.2.2-2
bouncycastle-api:2.27
branch-api:2.1071.v1a_188a_562481
build-timeout:1.30
caffeine-api:2.9.3-65.v6a_47d0f4d1fe
checks-api:2.0.0
cloudbees-folder:6.815.v0dd5a_cb_40e0e
command-launcher:90.v669d7ccb_7c31
commons-httpclient3-api:3.1-3
commons-lang3-api:3.12.0-36.vd97de6465d5b_
commons-text-api:1.10.0-36.vc008c8fcda_7b_
config-file-provider:3.11.1
credentials:1224.vc23ca_a_9a_2cb_0
credentials-binding:604.vb_64480b_c56ca_
data-tables-api:1.13.3-3
display-url-api:2.3.7
docker-commons:419.v8e3cd84ef49c
docker-workflow:563.vd5d2e5c4007f
durable-task:504.vb10d1ae5ba2f
echarts-api:5.4.0-3
email-ext:2.96
extended-read-permission:3.2
external-monitor-job:203.v683c09d993b_9
font-awesome-api:6.3.0-2
git:5.0.0
git-client:4.2.0
git-server:99.va_0826a_b_cdfa_d
github:1.37.0
github-api:1.303-417.ve35d9dd78549
github-branch-source:1703.vd5a_2b_29c6cdc
gradle:2.4
handlebars:3.0.8
instance-identity:142.v04572ca_5b_265
ionicons-api:45.vf54fca_5d2154
jackson2-api:2.14.2-319.v37853346a_229
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javadoc:233.vdc1a_ec702cff
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:63.v62d2fd4b_4793
jjwt-api:0.11.5-77.v646c772fddb_0
job-dsl:1.83
jobConfigHistory:1207.vd28a_54732f92
jquery:1.12.4-1
jquery-detached:1.2.1
jquery-ui:1.0.2
jquery3-api:3.6.4-1
jsch:0.1.55.61.va_e9ee26616e7
junit:1189.v1b_e593637fa_e
label-linked-jobs:6.0.1
ldap:671.v2a_9192a_7419d
lockable-resources:1141.v7c5f8f31d2ee
mailer:448.v5b_97805e3767
matrix-auth:3.1.6
matrix-project:785.v06b_7f47b_c631
mina-sshd-api-common:2.9.2-62.v199162f0a_2f8
mina-sshd-api-core:2.9.2-62.v199162f0a_2f8
momentjs:1.1.1
msbuild:1.30
okhttp-api:4.10.0-132.v7a_7b_91cef39c
pam-auth:1.10
pipeline-build-step:488.v8993df156e8d
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:656.va_a_ceeb_6ffb_f7
pipeline-input-step:466.v6d0a_5df34f81
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2125.vddb_a_44a_d605e
pipeline-model-declarative-agent:1.1.1
pipeline-model-definition:2.2125.vddb_a_44a_d605e
pipeline-model-extensions:2.2125.vddb_a_44a_d605e
pipeline-rest-api:2.32
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2125.vddb_a_44a_d605e
pipeline-stage-view:2.32
pipeline-utility-steps:2.15.1
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.2.0
popper-api:1.16.1-3
popper2-api:2.11.6-2
powershell:2.0
rebuild:1.34
release-helper:1.3.3
resource-disposer:0.22
role-strategy:625.vb_00565139872
scm-api:631.v9143df5b_e4a_a
script-security:1244.ve463715a_f89c
snakeyaml-api:1.33-95.va_b_a_e3e47b_fa_4
ssh-credentials:305.v8f4381501156
ssh-slaves:2.877.v365f5eb_a_b_eec
sshd:3.275.v9e17c10f2571
structs:324.va_f5d6774f3a_d
thinBackup:1.17
timestamper:1.24
token-macro:321.vd7cc1f2a_52c8
trilead-api:2.84.v72119de229b_7
variant:59.vf075fe829ccb
view-job-filters:364.v48a_33389553d
windows-slaves:1.8.1
workflow-aggregator:596.v8c21c963d92d
workflow-api:1208.v0cc7c6e0da_9e
workflow-basic-steps:1010.vf7a_b_98e847c1
workflow-cps:3653.v07ea_433c90b_4
workflow-cps-global-lib:609.vd95673f149b_b
workflow-durable-task-step:1244.vee71f675dee6
workflow-job:1289.vd1c337fd5354
workflow-multibranch:733.v109046189126
workflow-scm-step:408.v7d5b_135a_b_d49
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:839.v35e2736cfd5c
ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

Microsoft Windows Server 2016 Version 1607 (OS Build 14393.5850)

Reproduction steps

  1. Azure AD Plugin Version 340.vdef002cf6415
  2. Have the following API Permissions

Directory.Read.All/Application
email/Delegated
Group.Read.All/Application
Group.Read.All/Application
People.Read.All/Application
People.Read.All/Application
User.Read.All/Application
Directory.Read.All/Delegated

  3. Verify app and it works with a sample username user@example.com
  4. Verify login with Basic Authentication Matrix with user object and group object ids and login works.
  5. Try Azure Active Directory Matrix-based security and I can't add or find users by name or object ID. It simply doesn't work.

Expected Results

With Azure Active Directory Matrix-based security I should be able to search for users and/or security groups.

Actual Results

"We didn't find any matches"

Anything else?

The app registration works with the basic security matrix by adding Object ids, but would like to use Azure Active Directory Matrix-based security so we can see the group names and names without having to look for object ids.

timja commented

Check the browser console logs for any errors and the System logs.

Also try saving the page once with giving everyone admin access temporarily and then try again.

The second option worked. I saved the page with Active Directory Matrix, giving everyone access temporarily, then went back, and now it is working. Thank you for your help.