[JIRA] (JENKINS-51657) limit authentication to github organization

[samueloph@debian.org (JIRA)]

Samuel Henrique created an issue

Jenkins / JENKINS-51657 limit authentication to github organization Issue Type: New Feature Assignee: Sam Gleske Components: github-oauth-plugin Created: 2018-06-01 16:18 Labels: oauth github Priority: Minor Reporter: Samuel Henrique It's important to be able to limit the login for only those from an organization. This eliminates the need of manually disabling accounts of people who doesn't work at the company anymore. If their account is removed from the github org, they can't login to jenkins anymore. Add Comment

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

[me@vitalykarasik.com (JIRA)]

Vitaly Karasik commented on JENKINS-51657

Re: limit authentication to github organization Agree, current behaviour  is unsecure - every GitHub user can authenticate. I suggest to raise priority of this issue.

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[mark@rideamigos.com (JIRA)]

Mark Stosberg commented on JENKINS-51657

Re: limit authentication to github organization

I agree the current default is a major security issue. It's reasonable to expect that logins are restricted to an organization by default. Since anyone can sign up for a free Github account, the current default is essentially to allow public access to Jenkins-- NOT SECURE.

Add Comment

[brandonshough@gmail.com (JIRA)]

Brandon Shough commented on JENKINS-51657

Re: limit authentication to github organization

Agree - This should be addressed so that only a specific organization can even login.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske closed an issue as Duplicate

Duplicated by JENKINS-46962

Jenkins / JENKINS-51657

limit authentication to github organization

Change By: Sam Gleske Status: Open Closed Resolution: Duplicate

Add Comment