Configuring Jenkins Authentication with Auth0

The procedure described here is based on Jenkins 2.7.4 but I think it should also work with other (not so distant) versions.

First of all, log into your Auth0 account.

Then create a new client application (“Clients” item in left-hand menu).


In the “Create Client” dialog set the name of your client application (for example “MyJenkins”) and choose the application type “Regular Web Applications”, finally click “Create”.


Once the application is created, go to “Settings” and set the value of the “Allowed Callback URLs” to “http://YOUR_JENKINS_URL/securityRealm/finishLogin”. Click “Save Changes”.


Scroll down to the “Advanced Settings” section, click on “Endpoints”. Take the SAML Metadata URL and save the content at that URL to a file (remember this file because we will use it later when configuring Jenkins).


Go to the “Addons” tab and enable the “SAML2” option.


In the Addon configuration dialog edit the settings to set the “audience” and “recipient” values to “http://[YOUR_JENKINS_URL]/securityRealm/finishLogin”.


Click “Save” and close the dialog. Now you should see the SAML2 option is enabled.


That’s all on the Auth0 side, now let’s work on Jenkins.

To perform the following steps, you need to be logged in as a user with the administrator profile. I assume the reader is already familiar with Jenkins so the instructions won’t be so detailed.

First of all we need to install the “SAML Plugin”.


Once the installation is ready go to “Manage Jenkins > Configure Global Security”. In the “Security Realm” pick “SAML 2.0” and in the “IdP Metadata” box paste the content of the metadata file you saved earlier.

Scroll down to the “Authorization” section and ensure the option “Logged-in users can do anything” is selected (authorization is something we will work on later). Scroll down to the bottom of the page and click “Save”.

That’s all. Close the browser [*] and the next time you try to log in you will be redirected to Auth0. Now every user enabled in your Auth0 account will be able to log into Jenkins.
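
Before pasting the saved metadata file into the “IdP Metadata” box it is worth checking that the download is a real IdP descriptor and not an error page. The script below is an added example, not part of the original procedure or of the SAML plugin; the embedded metadata, tenant host name and certificate value are constructed placeholders, and check_idp_metadata is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (not real Auth0 output); host, client id and cert are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:example-tenant.example.com">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDERCERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example-tenant.example.com/samlp/CLIENT_ID"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://example-tenant.example.com/samlp/CLIENT_ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text):
    """Return (summary, problems) for a saved SAML IdP metadata document."""
    problems = []
    root = ET.fromstring(xml_text)  # ParseError here means a truncated or HTML download
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        problems.append("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return {"entity_id": root.get("entityID")}, problems + ["no IDPSSODescriptor"]
    certs = [c.text.strip() for c in idp.findall(
        "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if c.text]
    if not certs:
        problems.append("no X509 signing certificate found")
    sso = [(s.get("Binding", "").rsplit(":", 1)[-1], s.get("Location", ""))
           for s in idp.findall("md:SingleSignOnService", NS)]
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    for binding, location in sso:
        if not location.startswith("https://"):  # login traffic should never go over plain HTTP
            problems.append("%s endpoint is not HTTPS: %s" % (binding, location))
    summary = {"entity_id": root.get("entityID"), "certs": len(certs), "sso": sso}
    return summary, problems


if __name__ == "__main__":
    summary, problems = check_idp_metadata(SAMPLE_METADATA)
    print(summary)
    for p in problems:
        print("PROBLEM:", p)
```

To check your own download, read the saved file and pass its text to check_idp_metadata instead of the sample.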

In the next article I will explain how to configure authorization.

[*] At the time of this writing there is a bug in the SAML plugin that affects the logout feature: https://issues.jenkins-ci.org/browse/JENKINS-37311.
