How to build an SSO plugin in Jenkins?


dennys

Dec 26, 2013, 10:10:47 AM
to jenkin...@googlegroups.com
I want to build an SSO plugin. I checked the Crowd2 plugin's source code and I
think I can use a filter
to check the cookie and assign in the filter.
But I wrote a plugin with a filter like this, and it doesn't show the log.
Are there any suggestions for it?





--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/How-to-build-a-SSO-plugin-in-Jenkins-tp4685472.html
Sent from the Jenkins dev mailing list archive at Nabble.com.

Wilder Rodrigues

Jan 7, 2014, 9:13:13 AM
to jenkin...@googlegroups.com
Hi,

For Single Sign-On I think you could use the Reverse Proxy Authentication+Authorization plugin. It supports user authentication via reverse proxy (with Jenkins behind Apache, for example) and authorisation is done via LDAP groups (using the Role Based Matrix authorization).

We use it here and it works like a charm! Have a look at the plugin site: https://wiki.jenkins-ci.org/display/JENKINS/Reverse+Proxy+Auth+Plugin

Cheers,
Wilder

dennys

Jan 7, 2014, 11:21:43 AM
to jenkin...@googlegroups.com
I use java -jar jenkins.war to run Jenkins, so it seems I need to run Apache in
front of Jenkins?

By the way, I already wrote a servlet filter and put it into Jenkins; it can get my
user credential from the cookie now.

I just need to know how to put the user data into Jenkins' session, then I
have SSO.
I'm not sure what the API to put user data is; I only know I can use
org.acegisecurity.context.SecurityContextHolder to get user information.
SecurityContextHolder.getContext().getAuthentication().getName();

Then I tried to create a cookie ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE_KEY,
but it seems Jenkins clears it.

Are there any suggestions for it? I'm not sure whether installing an Apache in front of
Jenkins is a good idea or not.
Maybe a filter is simpler, but I'm not sure how to create the user session.
I tried to read the source code of the Crowd2 and openid plugins, but it's not easy.



--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/How-to-build-a-SSO-plugin-in-Jenkins-tp4685472p4686401.html

Dominik Bartholdi

Jan 8, 2014, 12:57:50 AM
to Jenkins Developers
Have a look at the source of the script-security-realm-plugin https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Realm
It's quite simple…
/Domi

dennys

Jan 8, 2014, 8:56:59 PM
to jenkin...@googlegroups.com
Thanks, I tried to add a class that extends AbstractPasswordBasedSecurityRealm and
implements authenticate().
Then I call this class in my code; it shows the log without any exception
but the user is still not logged in.

But my code is not a Jenkins plugin; I put the class in WEB-INF/lib
directly.
script-security-realm-plugin is a Jenkins security plugin. I want to use
LDAP and my SSO together, is it possible?





--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/How-to-build-a-SSO-plugin-in-Jenkins-tp4685472p4686683.html

Dominik Bartholdi

Jan 9, 2014, 12:48:41 AM
to Jenkins Developers
Sorry, but this is not how this works…
You most probably have to implement an ExtensionPoint (I guess hudson.security.SecurityRealm).
And then you need to configure Jenkins to use it (if correctly implemented, your new Realm will show up as an option on the security config page in Jenkins).
As I said, have a look at the source of the script-security-realm - it only has two classes and the one
you need to look at is: hudson.plugins.script_realm.ScriptSecurityRealm

/Domi

dennys

Jan 9, 2014, 1:42:49 AM
to jenkin...@googlegroups.com
Thanks, I'm trying to copy the code from script-security-realm.
But I want to confirm, is it possible to use LDAP and script-security-realm
at the same time?
Because I can only choose one security strategy in Jenkins configuration.



--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/How-to-build-a-SSO-plugin-in-Jenkins-tp4685472p4686704.html

Dominik Bartholdi

Jan 9, 2014, 1:22:23 PM
to Jenkins Developers
No, that's not possible...

dennys

Jan 10, 2014, 5:37:34 AM
to jenkin...@googlegroups.com
Finally, I downloaded the Active Directory plugin and added a createFilter() function
in ActiveDirectorySecurityRealm.java

In createFilter(), I create a new Filter class and implement my SSO in it.
It seems OK, I can keep both the original Active Directory plugin and SSO.

I'm not sure whether this is a good solution or not; I have never written a Jenkins plugin
before.
If there is not better solution, please let me know.

Thanks for your kind support.



--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/How-to-build-a-SSO-plugin-in-Jenkins-tp4685472p4686964.html

melnik

Aug 5, 2014, 3:36:03 PM
to jenkin...@googlegroups.com
Hi,

I'm looking for the exact same solution.
I need to implement SSO with Jenkins and AD.

Can you share the source?

Thanks



--
View this message in context: http://jenkins-ci.361315.n4.nabble.com/How-to-build-a-SSO-plugin-in-Jenkins-tp4685472p4713499.html
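
The approach the thread ends on (a Filter returned from the security realm's createFilter()) can be sketched as below. This is an added example, not dennys's source and not code from any Jenkins plugin: `SsoCookieFilter`, `CookieVerifier` and the cookie name are hypothetical, and the wiring in the comment assumes the Acegi-era Jenkins core API discussed in this thread.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;
import hudson.security.SecurityRealm;
import org.acegisecurity.*;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;

// Hypothetical SSO filter. Assumed wiring inside the realm's createFilter(cfg), so that
// it runs after the realm's default filters have restored the session's login:
//   return new ChainedServletFilter(super.createFilter(cfg), new SsoCookieFilter(name, verifier));
public class SsoCookieFilter implements Filter {
    // Hypothetical hook: returns the user name only when the cookie value is proven
    // authentic and unexpired by the SSO system, otherwise null.
    public interface CookieVerifier { String verifiedUser(String cookieValue); }
    private final String cookieName;   // assumption: name of the SSO cookie
    private final CookieVerifier verifier;
    public SsoCookieFilter(String cookieName, CookieVerifier verifier) {
        this.cookieName = cookieName;
        this.verifier = verifier;
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}
    public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
            throws IOException, ServletException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // Leave existing logins (e.g. the realm's own form login) untouched.
        if (current == null || current instanceof AnonymousAuthenticationToken) {
            String user = userFromCookie((HttpServletRequest) req);
            if (user != null) {
                // Grants only the generic "authenticated" authority, no directory groups.
                SecurityContextHolder.getContext().setAuthentication(
                    new UsernamePasswordAuthenticationToken(user, "",
                        new GrantedAuthority[] { SecurityRealm.AUTHENTICATED_AUTHORITY }));
            }
        }
        chain.doFilter(req, rsp);
    }

    private String userFromCookie(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();   // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies)
            if (cookieName.equals(c.getName())) return verifier.verifiedUser(c.getValue());
        return null;
    }
}
```

The raw cookie value is never used as the user name: only what `CookieVerifier` returns after checking the cookie is trusted, and a null result leaves the request anonymous.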