[JENKINS-76255] Security differs in matrix based security for username@email and username - same ad account

[jenkins-infra-bot]

When configuring matrix based security on a folder, which selected do not inherit from parent acl's. I discovered that if the user used user@​email to login, the permissions I had setup in the matrix with simply user did not apply.

Adding an additional entry to the matrix with user@​email allowed the permissions to apply.
Likewise, using the username to login to the controller did not show the permissions from user@​email.

 

Steps to recreate.

Startup controller with ad
Create folder, setup matrix auth with no inherit from parent

Give permissions to example@​userdomain, sign in with example user, validate you are unable to use permissions.
Likewise, if you give permissions to example, then sign in with example@​userdomain

 

---

Originally reported by cs166068, imported from: Security differs in matrix based security for username@email and username - same ad account

• assignee: fbelzunc
• status: Open
• priority: Minor
• component(s): active-directory-plugin
• resolution: Unresolved
• votes: 0
• watchers: 1
• imported: 2025-12-07

Raw content of original issue

When configuring matrix based security on a folder, which selected do not inherit from parent acl's. I discovered that if the user used user@email to login, the permissions I had setup in the matrix with simply user did not apply.

Adding an additional entry to the matrix with user@email allowed the permissions to apply.
Likewise, using the username to login to the controller did not show the permissions from user@email.

 

Steps to recreate.

Startup controller with ad
Create folder, setup matrix auth with no inherit from parent

Give permissions to example@userdomain, sign in with example user, validate you are unable to use permissions.
Likewise, if you give permissions to example, then sign in with example@userdomain

 

• environment: jenkins 2.528.1, plugin version 2.41