Navigation

    Inedo Community Forums

    Forums

    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Nils Nilsson
    3. Posts
    N
    • Profile
    • Following
    • Followers
    • Topics
    • Posts
    • Best
    • Groups

    Posts made by Nils Nilsson

    • RE: ProGet: implement Policies & Blocking support for Container feeds

      @gdivis

      Hello!

      I've tested containers audit a little bit and it seems to work well at first glance.
      I could easily differentiate between a vulnerable image and one with no vulnerabilities, both from output and exit code.

      Thank you for your work! :)

      // Nils

      posted in Support
      N
      Nils Nilsson
    • RE: [feature] ProGet: Send test notifications from 'Notifiers & Webhooks'

      Hi @dean-houston

      That doesn't solve what I want to test.
      My scenario is more about testing a webhook to make sure that ProGet can reach the host and that the destination receive a well formatted message.

      I don't completely buy that it's impossible to send a notification without real data, as it should be trivial to send some dummy data when using a "Try-out" button.
      But I understand that if I'm the only one who has ever wanted this feature it wouldn't make sense to implement it.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • [feature] ProGet: Send test notifications from 'Notifiers & Webhooks'

      Hello!

      When I'm adding new notifiers I'd like to be able to send a test message to check that it works as expected.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: ProGet: implement Policies & Blocking support for Container feeds

      Hi @apxltd

      I think this looks like a good solution, as it would simultaneously allow us to disregard noise as the new risk profiles for feeds/projects allow us to do, and introduces more control mechanisms so that I can differentiate our various departments/deliverables.

      pgutil containers audit would solve most instances were we want to prohibit image download. And should easily fit into CD processes to prevent running vulnerable containers in production, which is the most important part.

      I don't have any additional opinions at this time, instead I will eagerly await more news/time estimate for when this feature will start rolling out :)

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • Project-scoped permissions not working as expected

      Hello again,

      Assigning tasks with Projects scoped permissions do not seem to be functioning as expected.

      I can not assign a group my "Manage" task for a feed/project group, The task includes only privileges marked as scopable
      08bd30cd-8736-4da0-a3a9-96c0d3914393-image.png
      ea50cf32-fc86-4719-a83e-e3f54d9d988f-image.png
      bff6c1fc-267f-40f6-bd18-f9104fd66c17-image.png

      Creating a new task with only Projects privileges experiences the same issue
      9281a4b3-53c4-470f-b6e2-f505efe957b6-image.png
      23356282-c256-4787-af5f-ca469923c5a7-image.png

      If I restrict a task to only privileges that were scopable in 2025 it again allows me to assign scoped permissions
      3a37cf7b-15dd-48cc-93cb-2eec824bdb43-image.png
      921c296d-376e-4fc6-bc9a-d67afbdbc261-image.png

      I've also tested individually the 4 privileges under the Projects category [Manage, Resolve Issue, Upload Sbom, View] and the issue is the same for all/any combination.

      This is running 2026.1 (Build 14) from the Prerelease Feed, although the issue seemed consistent in earlier Release Candidate 12, as well as 2026.1 in the Production Feed

      Best Regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: [BUG] ProGet 2026 no longer able to find Active Directory Users/Groups when configuring Task/Permissions

      Post moved to Project-scoped permissions not working as expected

      posted in Support
      N
      Nils Nilsson
    • RE: [BUG] ProGet 2026 no longer able to find Active Directory Users/Groups when configuring Task/Permissions

      @atripp

      Thanks,

      I deployed 2026.1-rc.12 in my lower environment and it seems to resolve the issues I was facing.

      best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: [BUG] ProGet 2026 no longer able to find Active Directory Users/Groups when configuring Task/Permissions

      Hi,

      Thanks for investigating.

      You're right that UserNotFoundException turned out to be a cache issue.

      Eagerly awaiting the fix.

      Regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: [BUG] ProGet 2026 no longer able to find Active Directory Users/Groups when configuring Task/Permissions

      Service came online a few hours after the rollback, the error above persists though and LDAP integration for Task/Permissions still isn't working.
      Rollback also didn't restore my scoped permissions, all of those groups used to have different scopes.
      3b9ae545-f2c3-4ba4-9435-94b9c6979657-image.png

      posted in Support
      N
      Nils Nilsson
    • RE: [BUG] ProGet 2026 no longer able to find Active Directory Users/Groups when configuring Task/Permissions

      Additionally after doing a rollback to 2025.27 ProGet can not start the web service, with this error in event viewer

      Exception:
      Inedo.ProGet.Web.Security.UserNotFoundException: Exception of type 'Inedo.ProGet.Web.Security.UserNotFoundException' was thrown.
        at Inedo.ProGet.WebApplication.ProGetHttpModule.AuthorizeRequestAsync(AhHttpApplication app)
        at Inedo.Web.InedoHttpModule.Inedo.Web.IAhWebModule.AuthorizeRequestAsync(AhHttpApplication app)
        at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
        at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
        at Inedo.Web.AhWebMiddleware.InvokeAsync(HttpContext context)
        at Inedo.Web.AhWebHost.<>c.<<Configure>b__22_0>d.MoveNext()
      --- End of stack trace from previous location ---
        at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequest[TContext](IHttpApplication`1 application)
      
      posted in Support
      N
      Nils Nilsson
    • [BUG] ProGet 2026 no longer able to find Active Directory Users/Groups when configuring Task/Permissions

      Hi!

      I have a breaking issue in ProGet 2026, upgraded from 2025.27
      The issue is that when I try to add a new permission/restriction for ["Specific User...", "Specific Groups..."] it no longer manages to search for those defined in my Active Directory and synced through LDAP.
      bd3e7122-0f60-4e4b-8b52-b8597063a07e-image.png
      Attempting to Test Privileges of a group that is assigned(and still seems to be in effect as I'm able to log in and administer using my domain account) it is also unable to search for users/groups.
      d5704d33-c371-4077-9ba6-01147eb855ab-image.png
      I've verified that the LDAP connection is still healthy through the 'Test User Directories' dialog
      be97422f-b734-4c81-85af-4cc77385b24b-image.png

      This issue was found because after upgrading all my existing permissions that were scoped to a feed group no longer had an association to the migrated "Feed & Project Groups" that replaced them, thus leading to having to reconfigure all permissions.

      Regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: ProGet: implement Policies & Blocking support for Container feeds

      Hi Alex,

      Thanks for taking the time to respond to my request.

      I fully agree that individual vulnerabilities are often not relevant for a container image.

      The problem arises when we can not make distinctions when assessing, as we might never be able to assess a vulnerability using the global scope.

      A scaled down example could be that we have two feed groups, each with their own Package Policy. 'External' which is used for the build/store of an application served to external users comprised of the general public(i.e. a web service), while 'Internal' is used for an identical but separately generated application that is run strictly for internal users with no exposure to the internet.

      External:
      Universal Feed, Nuget feed, Container feed

      Internal:
      Universal Feed, Nuget feed, Container feed

      Then we might have a vulnerability like PGV-255532C, assuming we in our application are using the functionality of sqlite which is affected.
      This would pose an unacceptable risk for an application reachable and used by external users, while it could be fine for an internal application.

      The current assessment structure for containers wouldn't allow us to continue using the container in the 'Internal' feed group, without also allowing the container in the 'External' feed group.

      I agree on the premise that an Image is more like a Build, than it is a Package. But even then sharing policies between containers and package feeds would remain relevant for our usecase.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • ProGet: implement Policies & Blocking support for Container feeds

      Hi!

      My organization has departments/products with various risk aptite and regulatory requirements.

      We need to be able to assess vulnerabilities in containers per feed/policy, in the same way that can be done for 3rd-party components.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: ProGet: Editing Feed(s) field in a project changes the field for all projects

      Thanks!

      No immediate rush, I'll wait for mainline release :)

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: ProGet: Editing Feed(s) field in a project changes the field for all projects

      @dean-houston

      Hello!

      In the "fixed" version, it no longer sets the same feed to all other projects, which is good.

      Less good is that it now instead empties the Feed(s) field for all except the most recently changed Project.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: ProGet: Editing Feed(s) field in a project changes the field for all projects

      Hi Dean,

      Thank you for the swift reply and fix :)

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • ProGet: Editing Feed(s) field in a project changes the field for all projects

      Hello.

      When I edit the Feed(s) field on a project in ProGet, to associate the project to feeds for policies and tracking, it then sets the field to the same feeds for all other projects in my organization.

      In effect I can not currently have:
      Project A - association -> nuget_A
      Project B - association -> nuget_B
      As changing the setting in the editing pane for Project B also changes the setting for Project A

      Running ProGet v25.0.23.11 on Windows Server 2022

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • [Feature] ProGet: Set initial stage on builds scan

      Hi,

      I would like to be able to set the initial stage of a build when it is created through the usage of pgutil builds scan.
      pgutil builds create includes the --stage option, the same option should be added to pgutil builds scan

      Currently the stage always defaults to 'Build' when scanning a project

      This is true even if no stage named 'Build' exists, which is the case in my organization as all stages have been replaced to match the names of our deployment environments.

      Best Regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • [Feature] Scope SCA permissions to Project or "Project Group"/Assign Project to Feed Group

      Hi!

      I would like a feature where we can control permissions to Projects & Build on a Project basis, preferably with grouping similar to how feeds work.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • RE: User can't view [Usage & Statistics] for packages when 'Manage Feed' is scoped to Feed Group

      Thanks for the quick response!

      I'm aware that I could have made sensitive information containing PID exposed to all users with access to the feed, but that is inappropriate within my organization.

      Best regards
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • User can't view [Usage & Statistics] for packages when 'Manage Feed' is scoped to Feed Group

      Hi

      I have assigned a group the 'Manage Feed' task permission for a feed group.
      However when my user tries viewing the [Usage & Statistics] page for a package within one of the feeds belonging to the Feed Group, they are denied due to lacking Admin_ManageFeed privilege.
      Auditing user privileges for the feed and/or feed group does return that they do indeed possess the Admin_ManageFeed privilege.

      Most other privileges that are connected to the 'Manage Feed' role do work as expected.

      If I instead assign 'Manage Feed' for all feeds they can view the page as expected.

      I'm using an enterprise ProGet license and version 2025.11

      posted in Support
      N
      Nils Nilsson
    • RE: SAML Authentication with Microsoft Active Directory

      Hi @rhessinger

      Thanks for telling me about the debug endpoint, would have been nice if debug options was made visible in the documentation, since there is already a header for troubleshooting -> https://docs.inedo.com/docs/installation/saml-authentication/various-saml-overview#troubleshooting.

      Using the debug output we managed to figure out our issue and get it working.
      In our case NameID was being sent as an attribute instead of being part of the subject, resolving that fixed our issue.

      <AttributeStatement>
        <Attribute Name="NameID">
            <AttributeValue>User ID</AttributeValue>
        </Attribute>
      </AttributeStatement>
      

      changed to

      <Subject>
        <NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">User ID</NameID>
      </Subject>
      

      Other information omitted for privacy.

      Thank you for your assistance in resolving this.
      Regards
      Nils

      posted in Support
      N
      Nils Nilsson
    • RE: SAML Authentication with Microsoft Active Directory

      Hi @rhessinger

      Thanks for rectifying the missing callback URL.
      Unfortunately it made no difference for our case as that was already the URL we were using.

      We made sure to verify that NameID is being sent in the claim without domain prefix.
      All other settings in our ADFS configuration looks as we would expect for a normal SAML integration.

      Currently any attempt att signing in using Single Sign-On returns this error: "ERROR: Object reference not set to an instance of an object."

      Regards,
      Nils

      posted in Support
      N
      Nils Nilsson
    • SAML Authentication with Microsoft Active Directory

      Hello.

      My organisation is attempting to configure SAML with our Microsoft Active Directory.
      We find that the documentation is lacking for this usecase and, even taking inspiration from the pages for AzureAD(EntraID) and PingID, could not produce a working integration.

      Primarily I haven't found any documentation that specify the callback urls for logon/logout.

      Thanks you for your advice,
      Nils Nilsson

      posted in Support
      N
      Nils Nilsson
    • 1 / 1