GithubHelp home page GithubHelp logo

jenkinsci / casdoor-auth-plugin Goto Github PK

View Code? Open in Web Editor NEW
2.0 3.0 2.0 31 KB

Jenkins authentication / SSO plugin based on Casdoor

Home Page: https://plugins.jenkins.io/casdoor-auth

License: Apache License 2.0

Java 100.00%
auth cas casdoor jenkins oauth oidc plugin saml sso

casdoor-auth-plugin's Introduction

jenkins-casdoor-auth

About

This plugin incorporates SSO in Jenkins with Casdoor

Installation

TODO

Usage

You can refer to Casdoor Official Doc.

The following are some of the names in the configuration:

CASDOOR_HOSTNAME: Domain name or IP where Casdoor server is deployed.

JENKINS_HOSTNAME: Domain name or IP where Jenkins is deployed.

Step1. Deploy Casdoor and Jenkins

Firstly, the Casdoor and Jenkins should be deployed.

After a successful deployment, you need to ensure:

  1. Set Jenkins URL(Manage Jenkins -> Configure System -> Jenkins Location) to JENKINS_HOSTNAME. Jenkins URL
  2. Casdoor can be logged in and used normally.
  3. Set Casdoor's origin value (conf/app.conf) to CASDOOR_HOSTNAME. Casdoor conf

Step2. Configure Casdoor application

  1. Create or use an existing Casdoor application.
  2. Add a redirect url: http://JENKINS_HOSTNAME/securityRealm/finishLogin Casdoor Application Setting
  3. Add provider you want and supplement other settings.

Not surprisingly, you can get two values ​​on the application settings page: Client ID and Client secret like the picture above, we will use them in next step.

Open your favorite browser and visit: http://CASDOOR_HOSTNAME/.well-known/openid-configuration, you will see the OIDC configure of Casdoor.

Step3. Configure Jenkins

Now, you can install Casdoor plugin from the market or by uploading its jar file.

After completing the installation, go to Manage Jenkins -> Configure Global Security.

Suggestion: Back up the Jenkins config.xml file, and use it to recover in case of setup errors.

Jenkins' Setting

  1. In Security Realm, select "Casdoor Authentication Plugin".
  2. In Casdoor Endpoint, specify the CASDOOR_HOSTNAME noted above.
  3. In Client ID, specify the Client ID noted above.
  4. In Client secret, specify the Client secret noted above.
  5. In JWT Public Key, specify the public key used to validate JWT token. You can find the public key in Casdoor by clicking Cert at the top. After clicking edit your application, you can copy your public key in the following page. JWT Public Key
  6. Organization Name and Application Name is optional. You can specify your organization and application to verify users in other organizations and applications. If they are empty, the plugin will use the default organization and application.
  7. In the Authorization section, check “Logged-in users can do anything”. Disable “Allow anonymous read access”.
  8. Click save.

Now, Jenkins will automatically redirect you to Casdoor for authentication.

casdoor-auth-plugin's People

Contributors

abingcbc avatar dependabot[bot] avatar hsluoyz avatar vandit1604 avatar

Stargazers

avatar

Watchers

avatar avatar avatar

Forkers

vandit1604 gounthar

casdoor-auth-plugin's Issues

groups field name is not effective

Jenkins and plugins versions report

Environment 
Jenkins: 2.414.1
OS: Linux - 2.6.32-754.35.1.el6.x86_64
Java: 17.0.8 - Azul Systems, Inc. (OpenJDK 64-Bit Server VM)
---
ant:497.v94e7d9fffa_b_9
antisamy-markup-formatter:162.v0e6ec0fcfcf6
apache-httpcomponents-client-4-api:4.5.14-208.v438351942757
bootstrap5-api:5.3.2-1
bouncycastle-api:2.29
branch-api:2.1128.v717130d4f816
build-name-setter:2.4.0
build-timeout:1.31
caffeine-api:3.1.8-133.v17b_1ff2e0599
casdoor-auth:18.v131a_41f5b_e2e
checks-api:2.0.2
cloudbees-folder:6.848.ve3b_fd7839a_81
command-launcher:107.v773860566e2e
commons-lang3-api:3.13.0-62.v7d18e55f51e2
commons-text-api:1.10.0-78.v3e7b_ea_d5a_fe1
config-file-provider:959.vcff671a_4518b_
credentials:1293.vff276f713473
credentials-binding:636.v55f1275c7b_27
display-url-api:2.200.vb_9327d658781
durable-task:523.va_a_22cf15d5e0
echarts-api:5.4.0-6
email-ext:2.102
fit2cloud2.0-jenkins-plugin:2.0
font-awesome-api:6.4.2-1
git:5.2.0
git-client:4.5.0
github:1.37.3
github-api:1.316-451.v15738eef3414
github-branch-source:1741.va_3028eb_9fd21
gitlab-plugin:1.7.16
gradle:2.8.2
instance-identity:173.va_37c494ec4e5
ionicons-api:56.v1b_1c8c49374e
jackson2-api:2.15.2-350.v0c2f3f8fc595
jakarta-activation-api:2.0.1-3
jakarta-mail-api:2.0.1-3
javax-activation-api:1.2.0-6
javax-mail-api:1.6.2-9
jaxb:2.3.8-1
jdk-tool:73.vddf737284550
jersey2-api:2.40-1
jjwt-api:0.11.5-77.v646c772fddb_0
jquery3-api:3.7.1-1
junit:1240.vf9529b_881428
ldap:701.vf8619de9160a_
localization-support:1.2
localization-zh-cn:371.v23851f835d6b_
mailer:463.vedf8358e006b_
mapdb-api:1.0.9-28.vf251ce40855d
matrix-auth:3.2.1
matrix-project:808.v5a_b_5f56d6966
mina-sshd-api-common:2.10.0-69.v28e3e36d18eb_
mina-sshd-api-core:2.10.0-69.v28e3e36d18eb_
multiple-scms:0.8
nodejs:1.6.1
oic-auth:2.6
oidc-provider:47.v182a_02f5b_771
okhttp-api:4.11.0-157.v6852a_a_fa_ec11
pam-auth:1.10
pipeline-build-step:505.v5f0844d8d126
pipeline-github-lib:42.v0739460cda_c4
pipeline-graph-analysis:202.va_d268e64deb_3
pipeline-groovy-lib:689.veec561a_dee13
pipeline-input-step:477.v339683a_8d55e
pipeline-milestone-step:111.v449306f708b_7
pipeline-model-api:2.2144.v077a_d1928a_40
pipeline-model-definition:2.2144.v077a_d1928a_40
pipeline-model-extensions:2.2144.v077a_d1928a_40
pipeline-rest-api:2.33
pipeline-stage-step:305.ve96d0205c1c6
pipeline-stage-tags-metadata:2.2144.v077a_d1928a_40
pipeline-stage-view:2.33
plain-credentials:143.v1b_df8b_d3b_e48
plugin-util-api:3.4.0
rebuild:320.v5a_0933a_e7d61
resource-disposer:0.23
role-strategy:689.v731678c3e0eb_
scm-api:676.v886669a_199a_a_
script-security:1275.v23895f409fb_d
snakeyaml-api:2.2-111.vc6598e30cc65
ssh-credentials:308.ve4497b_ccd8f4
ssh-slaves:2.916.vd17b_43357ce4
sshd:3.312.v1c601b_c83b_0e
structs:325.vcb_307d2a_2782
subversion:2.17.3
timestamper:1.26
token-macro:384.vf35b_f26814ec
trilead-api:2.84.v72119de229b_7
uno-choice:2.7.2
variant:60.v7290fc0eb_b_cd
workflow-aggregator:596.v8c21c963d92d
workflow-api:1283.v99c10937efcb_
workflow-basic-steps:1042.ve7b_140c4a_e0c
workflow-cps:3802.vd42b_fcf00b_a_c
workflow-durable-task-step:1289.v4d3e7b_01546b_
workflow-job:1348.v32a_a_f150910e
workflow-multibranch:756.v891d88f2cd46
workflow-scm-step:415.v434365564324
workflow-step-api:639.v6eca_cd8c04a_a_
workflow-support:865.v43e78cc44e0d
ws-cleanup:0.45

What Operating System are you using (both controller, and any agents involved in the problem)?

CentOS release 6.10 (Final)
Jenkins Version 2.414.1

when i use casdoor integrated Jenkins ,i find group field name is not effective,
The user who login from casdoor always show group 'authenticated', even though i changed the group field name to 'name' or other keys.

Reproduction steps

1

Expected Results

1

Actual Results

1

Anything else?

1

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.