[JIRA] (JENKINS-60303) Authorize access by group membership using keycloak-plugin


me@brendanh.com (JIRA)

Nov 27, 2019, 7:57:36 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
 
Jenkins / Bug JENKINS-60303
Authorize access by group membership using keycloak-plugin
Change By: Brendan Holmes
We would like to login using AD group membership.  We've added a mapper to the Keycloak client using the ["Keycloak config" here|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284].

Authorization fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".

This plugin gives nowhere to add a ["Token Claim Name"|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)

me@brendanh.com (JIRA)

Nov 27, 2019, 7:57:37 AM
to jenkinsc...@googlegroups.com
Brendan Holmes created an issue
Issue Type: Bug
Assignee: D. Lauer
Components: keycloak-plugin
Created: 2019-11-27 12:56
Environment: Jenkins version: 2.190.3
Keycloak plugin version: 2.3.0
Priority: Minor
Reporter: Brendan Holmes

We would like to login using AD group membership.  We've added a mapper to the Keycloak client using the "Keycloak config" here

Authentication fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".

This plugin gives nowhere to add a "Token Claim Name".  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

me@brendanh.com (JIRA)

Nov 27, 2019, 7:58:03 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
Change By: Brendan Holmes
We would like to login using AD group membership.  We've added a mapper to the Keycloak client using the ["Keycloak config" here|#issuecomment-403000284].

Authorization fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".

This plugin gives nowhere to add a ["Token Claim Name"|#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

me@brendanh.com (JIRA)

Nov 27, 2019, 7:59:02 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
We would like to login using AD group membership.  We've added a mapper to the Keycloak client using the ["Keycloak config" here|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284].

Authorization fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".

This plugin gives nowhere to add a ["Token Claim Name"|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

me@brendanh.com (JIRA)

Nov 27, 2019, 8:01:03 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
We would like to login using AD group membership.  We've synced our groups in Keycloak and then added a mapper to the Keycloak Jenkins client in Keycloak using the ["Keycloak config" here |https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284]


Authorization fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".

This plugin gives nowhere to add a ["Token Claim Name"|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

me@brendanh.com (JIRA)

Nov 27, 2019, 10:19:03 AM
to jenkinsc...@googlegroups.com

me@brendanh.com (JIRA)

Nov 27, 2019, 10:20:02 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
We would like to login using AD group membership.  We've synced our groups in Keycloak and then added a mapper to the Jenkins client in Keycloak using the ["Keycloak config" here.|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284]

Authorization fails unless user is added to Project Matrix permissions rather than group.  "_<user> is missing the Overall/Read permission_".


This plugin gives nowhere to add a ["Token Claim Name"|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

me@brendanh.com (JIRA)

Nov 27, 2019, 10:20:02 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
We would like to login using AD group membership.  We've synced our groups in Keycloak and then added a mapper to the Jenkins client in Keycloak using the ["Keycloak config" here . |https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284]

Authorization fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".


This plugin gives nowhere to add a ["Token Claim Name"|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

me@brendanh.com (JIRA)

Nov 27, 2019, 11:05:03 AM
to jenkinsc...@googlegroups.com
Brendan Holmes updated an issue
We would like to login using AD group membership.  We've synced our groups in Keycloak and then added a mapper to the Jenkins client in Keycloak using the ["Keycloak config" here.|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284]

Authorization fails unless user is added to Project Matrix permissions rather than group.  "_<user> is missing the Overall/Read permission_".


This plugin gives nowhere to add a ["Token Claim Name"|https://github.com/jenkinsci/oic-auth-plugin/issues/8#issuecomment-403000284] defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.


http://<jenkins_url>/whoAmI/  doesn't show any group memberships, but not sure if it should.
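
A token-side check for the situation reported above, as an added example that is not part of the issue and not code from either plugin: it decodes a token's payload, resolves the mapper's "Token Claim Name", and compares the result with the group name granted in Project Matrix. The claim name `groups`, the group `jenkins-users` and the unsigned sample token are constructed assumptions; the signature is deliberately not verified because this is for diagnosis only.

```python
import base64
import json

def b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def jwt_claims(token: str) -> dict:
    """Return payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return b64url_json(parts[1])

def lookup_claim(claims: dict, name: str):
    """Resolve a claim name; dots address nested objects, as Keycloak mappers do."""
    node = claims
    for key in name.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_groups(token: str, claim_name: str, matrix_group: str) -> str:
    """Say whether the token could satisfy a permission granted to matrix_group."""
    value = lookup_claim(jwt_claims(token), claim_name)
    if value is None:
        return "claim-missing"      # mapper not applied, or wrong claim name
    groups = [value] if isinstance(value, str) else list(value)
    if matrix_group in groups:
        return "match"
    if "/" + matrix_group in groups:
        return "path-mismatch"      # Keycloak emitted a full group path ("/name")
    return "not-a-member"

def make_sample_token(payload: dict) -> str:
    """Build an unsigned token from constructed data for the demonstration."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"

# Constructed sample: user "alice" in one group, emitted as a full group path.
SAMPLE = make_sample_token({"preferred_username": "alice", "groups": ["/jenkins-users"]})

if __name__ == "__main__":
    for claim, group in [("groups", "jenkins-users"), ("groups", "/jenkins-users"),
                         ("realm_access.roles", "jenkins-users")]:
        print(f"{claim!r} vs {group!r}: {check_groups(SAMPLE, claim, group)}")
```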