Hi,
Thanks for investigating.
You're right that UserNotFoundException turned out to be a cache issue.
Eagerly awaiting the fix.
Regards
Nils Nilsson
Service came online a few hours after the rollback, the error above persists though and LDAP integration for Task/Permissions still isn't working.
Rollback also didn't restore my scoped permissions, all of those groups used to have different scopes.

Additionally after doing a rollback to 2025.27 ProGet can not start the web service, with this error in event viewer
Exception:
Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(AhHttpApplication app)
at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(AhHttpApplication app)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
at Inedo.Web.AhWebHost.<>c.<<Configure>b__22_0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequest[TContext](IHttpApplication`1 application)
Hi!
I have a breaking issue in ProGet 2026, upgraded from 2025.27
The issue is that when I try to add a new permission/restriction for ["Specific User...", "Specific Groups..."] it no longer manages to search for those defined in my Active Directory and synced through LDAP.

Attempting to Test Privileges of a group that is assigned (and still seems to be in effect as I'm able to log in and administer using my domain account) it is also unable to search for users/groups.

I've verified that the LDAP connection is still healthy through the 'Test User Directories' dialog

This issue was found because after upgrading all my existing permissions that were scoped to a feed group no longer had an association to the migrated "Feed & Project Groups" that replaced them, thus leading to having to reconfigure all permissions.
Regards
Nils Nilsson
Hi Alex,
Thanks for taking the time to respond to my request.
I fully agree that individual vulnerabilities are often not relevant for a container image.
The problem arises when we can not make distinctions when assessing, as we might never be able to assess a vulnerability using the global scope.
A scaled down example could be that we have two feed groups, each with their own Package Policy. 'External' which is used for the build/store of an application served to external users comprised of the general public (i.e. a web service), while 'Internal' is used for an identical but separately generated application that is run strictly for internal users with no exposure to the internet.
External:
Universal Feed, Nuget feed, Container feed
Internal:
Universal Feed, Nuget feed, Container feed
Then we might have a vulnerability like PGV-255532C, assuming we in our application are using the functionality of sqlite which is affected.
This would pose an unacceptable risk for an application reachable and used by external users, while it could be fine for an internal application.
The current assessment structure for containers wouldn't allow us to continue using the container in the 'Internal' feed group, without also allowing the container in the 'External' feed group.
I agree on the premise that an Image is more like a Build, than it is a Package. But even then sharing policies between containers and package feeds would remain relevant for our use case.
Best regards
Nils Nilsson
Hi!
My organization has departments/products with various risk appetite and regulatory requirements.
We need to be able to assess vulnerabilities in containers per feed/policy, in the same way that can be done for 3rd-party components.
Best regards
Nils Nilsson
Thanks!
No immediate rush, I'll wait for mainline release :)
Best regards
Nils Nilsson
Hello!
In the "fixed" version, it no longer sets the same feed to all other projects, which is good.
Less good is that it now instead empties the Feed(s) field for all except the most recently changed Project.
Best regards
Nils Nilsson
Hi Dean,
Thank you for the swift reply and fix :)
Best regards
Nils Nilsson
Hello.
When I edit the Feed(s) field on a project in ProGet, to associate the project to feeds for policies and tracking, it then sets the field to the same feeds for all other projects in my organization.
In effect I can not currently have:
Project A - association -> nuget_A
Project B - association -> nuget_B
As changing the setting in the editing pane for Project B also changes the setting for Project A
Running ProGet v25.0.23.11 on Windows Server 2022
Best regards
Nils Nilsson
Hi,
I would like to be able to set the initial stage of a build when it is created through the usage of pgutil builds scan.
pgutil builds create includes the --stage option, the same option should be added to pgutil builds scan
Currently the stage always defaults to 'Build' when scanning a project
This is true even if no stage named 'Build' exists, which is the case in my organization as all stages have been replaced to match the names of our deployment environments.
Best Regards
Nils Nilsson
Hi!
I would like a feature where we can control permissions to Projects & Build on a Project basis, preferably with grouping similar to how feeds work.
Best regards
Nils Nilsson
Thanks for the quick response!
I'm aware that I could have made sensitive information containing PID exposed to all users with access to the feed, but that is inappropriate within my organization.
Best regards
Nils Nilsson
Hi
I have assigned a group the 'Manage Feed' task permission for a feed group.
However when my user tries viewing the [Usage & Statistics] page for a package within one of the feeds belonging to the Feed Group, they are denied due to lacking Admin_ManageFeed privilege.
Auditing user privileges for the feed and/or feed group does return that they do indeed possess the Admin_ManageFeed privilege.
Most other privileges that are connected to the 'Manage Feed' role do work as expected.
If I instead assign 'Manage Feed' for all feeds they can view the page as expected.
I'm using an enterprise ProGet license and version 2025.11
Hi @rhessinger
Thanks for telling me about the debug endpoint, would have been nice if debug options were made visible in the documentation, since there is already a header for troubleshooting -> https://docs.inedo.com/docs/installation/saml-authentication/various-saml-overview#troubleshooting.
Using the debug output we managed to figure out our issue and get it working.
In our case NameID was being sent as an attribute instead of being part of the subject, resolving that fixed our issue.
<AttributeStatement>
<Attribute Name="NameID">
<AttributeValue>User ID</AttributeValue>
</Attribute>
</AttributeStatement>
changed to
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">User ID</NameID>
</Subject>
Other information omitted for privacy.
Thank you for your assistance in resolving this.
Regards
Nils
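A small diagnostic for the misconfiguration described in the post above, added here as an example (not part of the original post and not Inedo's code): it reports whether a decoded SAML assertion carries NameID inside Subject or only as an Attribute. The sample assertions and the function name `diagnose_nameid` are constructed for illustration, and the function performs no signature validation.

```python
import xml.etree.ElementTree as ET

NS = 'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
# Constructed samples mirroring the two shapes quoted in the post.
AS_ATTRIBUTE = f"""<saml:Assertion {NS}><saml:AttributeStatement>
  <saml:Attribute Name="NameID"><saml:AttributeValue>User ID</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion>"""
IN_SUBJECT = f"""<saml:Assertion {NS}><saml:Subject>
  <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">User ID</saml:NameID>
</saml:Subject></saml:Assertion>"""


def _local(tag):
    """Strip the namespace: '{urn:...}NameID' -> 'NameID'."""
    return tag.rsplit("}", 1)[-1]


def diagnose_nameid(assertion_xml):
    """Report where a decoded SAML assertion carries the user identifier."""
    if "<!DOCTYPE" in assertion_xml:
        # SAML messages never need a DTD; refuse rather than parse one.
        raise ValueError("DTD found in SAML message")
    root = ET.fromstring(assertion_xml)
    subject_ids, attribute_ids = [], []
    for el in root.iter():
        name = _local(el.tag)
        if name == "Subject":
            for child in el:
                if _local(child.tag) == "NameID":
                    subject_ids.append(((child.text or "").strip(), child.get("Format")))
        elif name == "Attribute" and (el.get("Name") or "").lower() == "nameid":
            for value in el:
                if _local(value.tag) == "AttributeValue":
                    attribute_ids.append((value.text or "").strip())
    if subject_ids:
        verdict = "ok"
    elif attribute_ids:
        verdict = "nameid-sent-as-attribute"
    else:
        verdict = "no-nameid"
    return {"verdict": verdict, "subject": subject_ids, "attributes": attribute_ids}


if __name__ == "__main__":
    for label, doc in (("before", AS_ATTRIBUTE), ("after", IN_SUBJECT)):
        print(label, diagnose_nameid(doc))
```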
Hi @rhessinger
Thanks for rectifying the missing callback URL.
Unfortunately it made no difference for our case as that was already the URL we were using.
We made sure to verify that NameID is being sent in the claim without domain prefix.
All other settings in our ADFS configuration look as we would expect for a normal SAML integration.
Currently any attempt at signing in using Single Sign-On returns this error: "ERROR: Object reference not set to an instance of an object."
Regards,
Nils
Hello.
My organisation is attempting to configure SAML with our Microsoft Active Directory.
We find that the documentation is lacking for this use case and, even taking inspiration from the pages for AzureAD (EntraID) and PingID, could not produce a working integration.
Primarily I haven't found any documentation that specifies the callback URLs for logon/logout.
Thank you for your advice,
Nils Nilsson